Removed rule. This rule is known, but it is no longer present in its source. Showing the last known version.Removed: Jun 18, 2026, 12:06 AM

URLhaus Known malware download URL detected (3849134)

SID: 84712234Rev: 1Derived2 viewsHistory
Fileurlhaus_suricata.rules
CreatedMay 17, 2026
UpdatedMay 17, 2026
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7782139129/ifnofwg.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849134/; classtype:trojan-activity; sid:84712234; rev:1;)

References

urlurlhaus.abuse.ch/url/3849134/

Metadata

created at2026_05_17

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!