Feodo Tracker tracks certain malware families that are related to or that evolved from Feodo. Originally, Feodo was an ebanking Trojan used by cybercriminals to commit ebanking fraud. Since 2010, various malware families have evolved from Feodo, such as Cridex, Dridex, Geodo, Heodo and Emotet. At present (2018), Dridex and Emotet (aka Heodo) are still active and are being actively tracked by Feodo Tracker. The purpose of the project is:
- Identify botnet command and control (C&C) servers associated with a Feodo malware variant
- Provide a blocklist so that the community can protect themselves from the threat
Any data offered here is available for free (see Terms of Services), helping network administrators and security analysts to protect their network and customers from botnets.
If you are a vendor, you may use data from Feodo Tracker for both commercial and non-commercial purposes without any limitation (see Terms of Services). If you need a customized format, it is possible to get one. If you wish to do so, please contact me at coSntacPtAmeM@abuse.ch (remove all capital letters).
Feodo Tracker offers the following feeds:
- Botnet C2 IP Blocklist (CSV)
- Suricata Botnet C2 IP Ruleset