################################################################
# abuse.ch Feodo Tracker Suricata / Snort Ruleset              #
# Last updated: 2022-05-23 11:24:47 UTC                        #
#                                                              #
# Terms Of Use: https://feodotracker.abuse.ch/blocklist/       #
# For questions please contact feodotracker [at] abuse.ch      #
################################################################
#
alert tcp $HOME_NET any -> [51.178.161.32] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.178.161.32/; sid:900505003; rev:1;)
alert tcp $HOME_NET any -> [46.101.90.205] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.90.205/; sid:900505046; rev:1;)
alert tcp $HOME_NET any -> [12.162.84.2] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.162.84.2/; sid:900505254; rev:1;)
alert tcp $HOME_NET any -> [142.44.247.57] 4043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.44.247.57/; sid:900505384; rev:1;)
alert tcp $HOME_NET any -> [104.131.123.136] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.123.136/; sid:900505395; rev:1;)
alert tcp $HOME_NET any -> [178.128.83.165] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.83.165/; sid:900505482; rev:1;)
alert tcp $HOME_NET any -> [37.187.115.122] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.115.122/; sid:900505528; rev:1;)
alert tcp $HOME_NET any -> [5.182.210.132] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.132/; sid:900505536; rev:1;)
alert tcp $HOME_NET any -> [121.199.35.69] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.199.35.69/; sid:900505596; rev:1;)
alert tcp $HOME_NET any -> [37.247.35.130] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.247.35.130/; sid:900505648; rev:1;)
alert tcp $HOME_NET any -> [131.100.24.192] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.192/; sid:900505765; rev:1;)
alert tcp $HOME_NET any -> [154.79.251.172] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.79.251.172/; sid:900505786; rev:1;)
alert tcp $HOME_NET any -> [153.126.165.175] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.126.165.175/; sid:900505805; rev:1;)
alert tcp $HOME_NET any -> [1.234.21.73] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.234.21.73/; sid:900505871; rev:1;)
alert tcp $HOME_NET any -> [178.128.23.9] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.23.9/; sid:900505872; rev:1;)
alert tcp $HOME_NET any -> [162.214.188.105] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.214.188.105/; sid:900505968; rev:1;)
alert tcp $HOME_NET any -> [45.79.91.89] 9987 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.91.89/; sid:900505979; rev:1;)
alert tcp $HOME_NET any -> [178.128.197.110] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.197.110/; sid:900506037; rev:1;)
alert tcp $HOME_NET any -> [186.225.119.170] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.225.119.170/; sid:900506113; rev:1;)
alert tcp $HOME_NET any -> [200.236.218.62] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.236.218.62/; sid:900506114; rev:1;)
alert tcp $HOME_NET any -> [24.162.214.166] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.162.214.166/; sid:900506127; rev:1;)
alert tcp $HOME_NET any -> [37.59.103.148] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.59.103.148/; sid:900506178; rev:1;)
alert tcp $HOME_NET any -> [107.170.64.97] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.170.64.97/; sid:900506184; rev:1;)
alert tcp $HOME_NET any -> [66.175.217.172] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.175.217.172/; sid:900506190; rev:1;)
alert tcp $HOME_NET any -> [178.238.236.59] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.238.236.59/; sid:900506215; rev:1;)
alert tcp $HOME_NET any -> [104.248.178.90] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.248.178.90/; sid:900506231; rev:1;)
alert tcp $HOME_NET any -> [181.129.167.82] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.167.82/; sid:900506243; rev:1;)
alert tcp $HOME_NET any -> [103.109.247.13] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.109.247.13/; sid:900506271; rev:1;)
alert tcp $HOME_NET any -> [103.253.107.155] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.253.107.155/; sid:900506297; rev:1;)
alert tcp $HOME_NET any -> [103.253.107.198] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.253.107.198/; sid:900506347; rev:1;)
alert tcp $HOME_NET any -> [204.174.223.210] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.174.223.210/; sid:900506350; rev:1;)
alert tcp $HOME_NET any -> [50.116.62.25] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.62.25/; sid:900506367; rev:1;)
alert tcp $HOME_NET any -> [103.109.247.8] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.109.247.8/; sid:900506399; rev:1;)
alert tcp $HOME_NET any -> [192.99.150.39] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.99.150.39/; sid:900506412; rev:1;)
alert tcp $HOME_NET any -> [213.136.86.165] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.136.86.165/; sid:900506426; rev:1;)
alert tcp $HOME_NET any -> [97.107.134.115] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.107.134.115/; sid:900506431; rev:1;)
alert tcp $HOME_NET any -> [207.154.208.93] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.154.208.93/; sid:900506458; rev:1;)
alert tcp $HOME_NET any -> [36.95.110.19] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.95.110.19/; sid:900506501; rev:1;)
alert tcp $HOME_NET any -> [128.199.232.159] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.232.159/; sid:900506508; rev:1;)
alert tcp $HOME_NET any -> [159.65.3.147] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.3.147/; sid:900506514; rev:1;)
alert tcp $HOME_NET any -> [138.197.109.175] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.109.175/; sid:900506570; rev:1;)
alert tcp $HOME_NET any -> [89.101.97.139] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.101.97.139/; sid:900506579; rev:1;)
alert tcp $HOME_NET any -> [120.150.218.241] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.218.241/; sid:900506589; rev:1;)
alert tcp $HOME_NET any -> [41.228.22.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.228.22.180/; sid:900506590; rev:1;)
alert tcp $HOME_NET any -> [24.139.72.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.139.72.117/; sid:900506593; rev:1;)
alert tcp $HOME_NET any -> [73.151.236.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.151.236.31/; sid:900506596; rev:1;)
alert tcp $HOME_NET any -> [68.204.7.158] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.204.7.158/; sid:900506597; rev:1;)
alert tcp $HOME_NET any -> [173.21.10.71] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.21.10.71/; sid:900506600; rev:1;)
alert tcp $HOME_NET any -> [45.46.53.140] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.46.53.140/; sid:900506603; rev:1;)
alert tcp $HOME_NET any -> [217.17.56.163] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.17.56.163/; sid:900506608; rev:1;)
alert tcp $HOME_NET any -> [76.25.142.196] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.25.142.196/; sid:900506617; rev:1;)
alert tcp $HOME_NET any -> [67.165.206.193] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.165.206.193/; sid:900506618; rev:1;)
alert tcp $HOME_NET any -> [109.12.111.14] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.12.111.14/; sid:900506625; rev:1;)
alert tcp $HOME_NET any -> [144.139.47.206] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.139.47.206/; sid:900506627; rev:1;)
alert tcp $HOME_NET any -> [50.29.166.232] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.29.166.232/; sid:900506629; rev:1;)
alert tcp $HOME_NET any -> [24.152.219.253] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.152.219.253/; sid:900506639; rev:1;)
alert tcp $HOME_NET any -> [89.137.52.44] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.137.52.44/; sid:900506702; rev:1;)
alert tcp $HOME_NET any -> [63.143.92.99] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.143.92.99/; sid:900506738; rev:1;)
alert tcp $HOME_NET any -> [212.112.86.37] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.112.86.37/; sid:900506750; rev:1;)
alert tcp $HOME_NET any -> [69.64.50.41] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.64.50.41/; sid:900506771; rev:1;)
alert tcp $HOME_NET any -> [45.90.108.123] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.90.108.123/; sid:900506785; rev:1;)
alert tcp $HOME_NET any -> [96.37.113.36] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.37.113.36/; sid:900506787; rev:1;)
alert tcp $HOME_NET any -> [211.172.241.52] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.172.241.52/; sid:900506811; rev:1;)
alert tcp $HOME_NET any -> [38.70.253.226] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.70.253.226/; sid:900506828; rev:1;)
alert tcp $HOME_NET any -> [212.237.17.99] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.237.17.99/; sid:900506860; rev:1;)
alert tcp $HOME_NET any -> [207.246.112.221] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.246.112.221/; sid:900506865; rev:1;)
alert tcp $HOME_NET any -> [45.9.20.200] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.9.20.200/; sid:900506867; rev:1;)
alert tcp $HOME_NET any -> [207.246.112.221] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.246.112.221/; sid:900506869; rev:1;)
alert tcp $HOME_NET any -> [103.116.178.85] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.116.178.85/; sid:900506903; rev:1;)
alert tcp $HOME_NET any -> [93.48.80.198] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.48.80.198/; sid:900506907; rev:1;)
alert tcp $HOME_NET any -> [117.248.109.38] 21 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.248.109.38/; sid:900506910; rev:1;)
alert tcp $HOME_NET any -> [91.121.134.180] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.121.134.180/; sid:900506933; rev:1;)
alert tcp $HOME_NET any -> [216.238.71.31] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.238.71.31/; sid:900506938; rev:1;)
alert tcp $HOME_NET any -> [216.238.71.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.238.71.31/; sid:900506939; rev:1;)
alert tcp $HOME_NET any -> [216.238.72.121] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.238.72.121/; sid:900506941; rev:1;)
alert tcp $HOME_NET any -> [216.238.72.121] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.238.72.121/; sid:900506942; rev:1;)
alert tcp $HOME_NET any -> [104.248.155.133] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.248.155.133/; sid:900506952; rev:1;)
alert tcp $HOME_NET any -> [103.74.143.53] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.74.143.53/; sid:900506954; rev:1;)
alert tcp $HOME_NET any -> [71.13.93.154] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.13.93.154/; sid:900506961; rev:1;)
alert tcp $HOME_NET any -> [202.51.122.163] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.51.122.163/; sid:900506979; rev:1;)
alert tcp $HOME_NET any -> [95.110.160.239] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.110.160.239/; sid:900507014; rev:1;)
alert tcp $HOME_NET any -> [198.61.167.176] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.61.167.176/; sid:900507015; rev:1;)
alert tcp $HOME_NET any -> [93.188.167.97] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.188.167.97/; sid:900507077; rev:1;)
alert tcp $HOME_NET any -> [185.184.25.237] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.184.25.237/; sid:900507088; rev:1;)
alert tcp $HOME_NET any -> [198.199.70.22] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.70.22/; sid:900507094; rev:1;)
alert tcp $HOME_NET any -> [51.79.205.117] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.79.205.117/; sid:900507155; rev:1;)
alert tcp $HOME_NET any -> [185.99.2.197] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.197/; sid:900507159; rev:1;)
alert tcp $HOME_NET any -> [117.220.229.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.220.229.162/; sid:900507163; rev:1;)
alert tcp $HOME_NET any -> [110.172.137.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.172.137.20/; sid:900507167; rev:1;)
alert tcp $HOME_NET any -> [144.91.110.219] 9217 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.110.219/; sid:900507168; rev:1;)
alert tcp $HOME_NET any -> [67.207.95.35] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.207.95.35/; sid:900507171; rev:1;)
alert tcp $HOME_NET any -> [167.71.11.125] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.71.11.125/; sid:900507283; rev:1;)
alert tcp $HOME_NET any -> [117.54.140.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.54.140.98/; sid:900507295; rev:1;)
alert tcp $HOME_NET any -> [103.109.247.10] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.109.247.10/; sid:900507312; rev:1;)
alert tcp $HOME_NET any -> [128.199.192.135] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.192.135/; sid:900507322; rev:1;)
alert tcp $HOME_NET any -> [46.55.222.11] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.55.222.11/; sid:900507323; rev:1;)
alert tcp $HOME_NET any -> [116.124.128.206] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.124.128.206/; sid:900507351; rev:1;)
alert tcp $HOME_NET any -> [198.27.67.35] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.27.67.35/; sid:900507356; rev:1;)
alert tcp $HOME_NET any -> [91.207.181.106] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.207.181.106/; sid:900507361; rev:1;)
alert tcp $HOME_NET any -> [186.250.48.117] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.250.48.117/; sid:900507372; rev:1;)
alert tcp $HOME_NET any -> [129.232.146.250] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.232.146.250/; sid:900507375; rev:1;)
alert tcp $HOME_NET any -> [176.31.163.17] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.31.163.17/; sid:900507392; rev:1;)
alert tcp $HOME_NET any -> [139.59.56.73] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.56.73/; sid:900507479; rev:1;)
alert tcp $HOME_NET any -> [134.209.247.135] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.247.135/; sid:900507511; rev:1;)
alert tcp $HOME_NET any -> [194.233.68.48] 5228 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.233.68.48/; sid:900507513; rev:1;)
alert tcp $HOME_NET any -> [144.91.122.94] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.122.94/; sid:900507519; rev:1;)
alert tcp $HOME_NET any -> [167.99.141.108] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.99.141.108/; sid:900507520; rev:1;)
alert tcp $HOME_NET any -> [37.59.74.180] 593 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.59.74.180/; sid:900507521; rev:1;)
alert tcp $HOME_NET any -> [24.178.196.158] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.178.196.158/; sid:900507534; rev:1;)
alert tcp $HOME_NET any -> [149.135.101.20] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.135.101.20/; sid:900507536; rev:1;)
alert tcp $HOME_NET any -> [67.209.195.198] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.209.195.198/; sid:900507540; rev:1;)
alert tcp $HOME_NET any -> [106.51.48.170] 50001 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.51.48.170/; sid:900507549; rev:1;)
alert tcp $HOME_NET any -> [182.191.92.203] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.191.92.203/; sid:900507550; rev:1;)
alert tcp $HOME_NET any -> [82.152.39.39] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.152.39.39/; sid:900507558; rev:1;)
alert tcp $HOME_NET any -> [144.91.122.100] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.122.100/; sid:900507572; rev:1;)
alert tcp $HOME_NET any -> [31.35.28.29] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.35.28.29/; sid:900507591; rev:1;)
alert tcp $HOME_NET any -> [51.38.71.0] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.38.71.0/; sid:900507613; rev:1;)
alert tcp $HOME_NET any -> [69.14.172.24] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.14.172.24/; sid:900507623; rev:1;)
alert tcp $HOME_NET any -> [54.37.70.105] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.70.105/; sid:900507624; rev:1;)
alert tcp $HOME_NET any -> [176.67.56.94] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.67.56.94/; sid:900507641; rev:1;)
alert tcp $HOME_NET any -> [91.121.146.47] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.121.146.47/; sid:900507656; rev:1;)
alert tcp $HOME_NET any -> [103.9.36.172] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.9.36.172/; sid:900507658; rev:1;)
alert tcp $HOME_NET any -> [72.66.116.235] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.66.116.235/; sid:900507661; rev:1;)
alert tcp $HOME_NET any -> [139.99.30.176] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.99.30.176/; sid:900507665; rev:1;)
alert tcp $HOME_NET any -> [131.100.24.231] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.231/; sid:900507670; rev:1;)
alert tcp $HOME_NET any -> [144.217.88.125] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.88.125/; sid:900507687; rev:1;)
alert tcp $HOME_NET any -> [78.96.235.245] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.96.235.245/; sid:900507756; rev:1;)
alert tcp $HOME_NET any -> [59.148.253.194] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.148.253.194/; sid:900507760; rev:1;)
alert tcp $HOME_NET any -> [203.153.216.46] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.153.216.46/; sid:900507761; rev:1;)
alert tcp $HOME_NET any -> [74.63.218.139] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.63.218.139/; sid:900507790; rev:1;)
alert tcp $HOME_NET any -> [62.141.45.103] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.141.45.103/; sid:900507792; rev:1;)
alert tcp $HOME_NET any -> [159.65.163.220] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.163.220/; sid:900507793; rev:1;)
alert tcp $HOME_NET any -> [128.199.93.156] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.93.156/; sid:900507795; rev:1;)
alert tcp $HOME_NET any -> [139.196.72.155] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.196.72.155/; sid:900507799; rev:1;)
alert tcp $HOME_NET any -> [138.197.64.211] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.64.211/; sid:900507813; rev:1;)
alert tcp $HOME_NET any -> [177.39.156.177] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.39.156.177/; sid:900507814; rev:1;)
alert tcp $HOME_NET any -> [76.23.237.163] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.23.237.163/; sid:900507822; rev:1;)
alert tcp $HOME_NET any -> [41.230.62.211] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.230.62.211/; sid:900507838; rev:1;)
alert tcp $HOME_NET any -> [89.86.33.217] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.86.33.217/; sid:900507855; rev:1;)
alert tcp $HOME_NET any -> [180.250.21.2] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.250.21.2/; sid:900507857; rev:1;)
alert tcp $HOME_NET any -> [142.93.76.76] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.76.76/; sid:900507858; rev:1;)
alert tcp $HOME_NET any -> [185.184.25.78] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.184.25.78/; sid:900507864; rev:1;)
alert tcp $HOME_NET any -> [54.37.106.167] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.106.167/; sid:900507865; rev:1;)
alert tcp $HOME_NET any -> [172.105.115.71] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.115.71/; sid:900507866; rev:1;)
alert tcp $HOME_NET any -> [73.67.152.98] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.67.152.98/; sid:900507887; rev:1;)
alert tcp $HOME_NET any -> [100.1.108.246] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.1.108.246/; sid:900507925; rev:1;)
alert tcp $HOME_NET any -> [217.128.122.65] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.128.122.65/; sid:900507952; rev:1;)
alert tcp $HOME_NET any -> [75.99.168.194] 61201 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.99.168.194/; sid:900507955; rev:1;)
alert tcp $HOME_NET any -> [75.99.168.194] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.99.168.194/; sid:900507961; rev:1;)
alert tcp $HOME_NET any -> [208.107.221.224] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.107.221.224/; sid:900507965; rev:1;)
alert tcp $HOME_NET any -> [173.174.216.62] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.174.216.62/; sid:900507971; rev:1;)
alert tcp $HOME_NET any -> [82.41.63.217] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.41.63.217/; sid:900507979; rev:1;)
alert tcp $HOME_NET any -> [144.202.2.175] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.2.175/; sid:900507990; rev:1;)
alert tcp $HOME_NET any -> [144.202.2.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.2.175/; sid:900507993; rev:1;)
alert tcp $HOME_NET any -> [47.23.89.60] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.89.60/; sid:900507995; rev:1;)
alert tcp $HOME_NET any -> [50.30.40.196] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.30.40.196/; sid:900508001; rev:1;)
alert tcp $HOME_NET any -> [196.203.37.215] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.203.37.215/; sid:900508012; rev:1;)
alert tcp $HOME_NET any -> [159.65.253.201] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.253.201/; sid:900508015; rev:1;)
alert tcp $HOME_NET any -> [150.95.20.209] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.95.20.209/; sid:900508016; rev:1;)
alert tcp $HOME_NET any -> [103.44.138.22] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.44.138.22/; sid:900508017; rev:1;)
alert tcp $HOME_NET any -> [68.183.62.61] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.62.61/; sid:900508023; rev:1;)
alert tcp $HOME_NET any -> [136.243.32.168] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.243.32.168/; sid:900508032; rev:1;)
alert tcp $HOME_NET any -> [76.70.9.169] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.70.9.169/; sid:900508039; rev:1;)
alert tcp $HOME_NET any -> [47.156.191.217] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.156.191.217/; sid:900508055; rev:1;)
alert tcp $HOME_NET any -> [80.11.74.81] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.11.74.81/; sid:900508083; rev:1;)
alert tcp $HOME_NET any -> [24.55.67.176] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.55.67.176/; sid:900508087; rev:1;)
alert tcp $HOME_NET any -> [191.99.191.28] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.99.191.28/; sid:900508094; rev:1;)
alert tcp $HOME_NET any -> [111.125.245.118] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.125.245.118/; sid:900508097; rev:1;)
alert tcp $HOME_NET any -> [91.177.173.10] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.177.173.10/; sid:900508101; rev:1;)
alert tcp $HOME_NET any -> [47.156.131.10] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.156.131.10/; sid:900508109; rev:1;)
alert tcp $HOME_NET any -> [209.126.98.206] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.126.98.206/; sid:900508113; rev:1;)
alert tcp $HOME_NET any -> [183.82.103.213] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.103.213/; sid:900508117; rev:1;)
alert tcp $HOME_NET any -> [51.254.140.238] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.140.238/; sid:900508120; rev:1;)
alert tcp $HOME_NET any -> [103.75.201.2] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.75.201.2/; sid:900508121; rev:1;)
alert tcp $HOME_NET any -> [172.114.160.81] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.114.160.81/; sid:900508125; rev:1;)
alert tcp $HOME_NET any -> [172.114.160.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.114.160.81/; sid:900508126; rev:1;)
alert tcp $HOME_NET any -> [86.195.158.178] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.195.158.178/; sid:900508127; rev:1;)
alert tcp $HOME_NET any -> [70.46.220.114] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.46.220.114/; sid:900508132; rev:1;)
alert tcp $HOME_NET any -> [210.246.4.69] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.246.4.69/; sid:900508133; rev:1;)
alert tcp $HOME_NET any -> [203.114.109.124] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.114.109.124/; sid:900508142; rev:1;)
alert tcp $HOME_NET any -> [175.145.235.37] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.145.235.37/; sid:900508147; rev:1;)
alert tcp $HOME_NET any -> [24.43.99.75] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.43.99.75/; sid:900508155; rev:1;)
alert tcp $HOME_NET any -> [146.59.226.45] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.59.226.45/; sid:900508175; rev:1;)
alert tcp $HOME_NET any -> [192.99.251.50] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.99.251.50/; sid:900508177; rev:1;)
alert tcp $HOME_NET any -> [217.79.180.211] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.79.180.211/; sid:900508181; rev:1;)
alert tcp $HOME_NET any -> [51.210.176.76] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.210.176.76/; sid:900508182; rev:1;)
alert tcp $HOME_NET any -> [45.63.1.12] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.1.12/; sid:900508185; rev:1;)
alert tcp $HOME_NET any -> [149.28.238.199] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.238.199/; sid:900508186; rev:1;)
alert tcp $HOME_NET any -> [45.76.167.26] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.167.26/; sid:900508187; rev:1;)
alert tcp $HOME_NET any -> [144.202.3.39] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.3.39/; sid:900508188; rev:1;)
alert tcp $HOME_NET any -> [144.202.3.39] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.3.39/; sid:900508189; rev:1;)
alert tcp $HOME_NET any -> [149.28.238.199] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.238.199/; sid:900508190; rev:1;)
alert tcp $HOME_NET any -> [45.63.1.12] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.1.12/; sid:900508191; rev:1;)
alert tcp $HOME_NET any -> [45.76.167.26] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.167.26/; sid:900508192; rev:1;)
alert tcp $HOME_NET any -> [140.82.63.183] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/140.82.63.183/; sid:900508193; rev:1;)
alert tcp $HOME_NET any -> [140.82.63.183] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/140.82.63.183/; sid:900508194; rev:1;)
alert tcp $HOME_NET any -> [72.76.94.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.76.94.99/; sid:900508198; rev:1;)
alert tcp $HOME_NET any -> [5.32.41.45] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.32.41.45/; sid:900508214; rev:1;)
alert tcp $HOME_NET any -> [108.60.213.141] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.60.213.141/; sid:900508225; rev:1;)
alert tcp $HOME_NET any -> [172.104.22.23] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.104.22.23/; sid:900508236; rev:1;)
alert tcp $HOME_NET any -> [82.165.145.100] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.165.145.100/; sid:900508237; rev:1;)
alert tcp $HOME_NET any -> [213.32.75.32] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.32.75.32/; sid:900508256; rev:1;)
alert tcp $HOME_NET any -> [54.36.185.63] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.36.185.63/; sid:900508258; rev:1;)
alert tcp $HOME_NET any -> [103.253.145.28] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.253.145.28/; sid:900508259; rev:1;)
alert tcp $HOME_NET any -> [148.64.96.100] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.64.96.100/; sid:900508263; rev:1;)
alert tcp $HOME_NET any -> [2.34.12.8] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.34.12.8/; sid:900508267; rev:1;)
alert tcp $HOME_NET any -> [119.193.124.41] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.193.124.41/; sid:900508284; rev:1;)
alert tcp $HOME_NET any -> [165.22.61.235] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.22.61.235/; sid:900508285; rev:1;)
alert tcp $HOME_NET any -> [121.78.112.42] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.78.112.42/; sid:900508286; rev:1;)
alert tcp $HOME_NET any -> [216.10.251.121] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.10.251.121/; sid:900508287; rev:1;)
alert tcp $HOME_NET any -> [185.184.25.234] 8081 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.184.25.234/; sid:900508290; rev:1;)
alert tcp $HOME_NET any -> [116.125.120.88] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.125.120.88/; sid:900508291; rev:1;)
alert tcp $HOME_NET any -> [47.23.89.62] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.89.62/; sid:900508295; rev:1;)
alert tcp $HOME_NET any -> [47.23.89.62] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.89.62/; sid:900508296; rev:1;)
alert tcp $HOME_NET any -> [172.115.177.204] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.115.177.204/; sid:900508297; rev:1;)
alert tcp $HOME_NET any -> [174.69.215.101] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.69.215.101/; sid:900508298; rev:1;)
alert tcp $HOME_NET any -> [149.56.128.192] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.56.128.192/; sid:900508316; rev:1;)
alert tcp $HOME_NET any -> [188.166.229.148] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.166.229.148/; sid:900508320; rev:1;)
alert tcp $HOME_NET any -> [138.197.90.158] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.90.158/; sid:900508329; rev:1;)
alert tcp $HOME_NET any -> [40.134.246.185] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.134.246.185/; sid:900508333; rev:1;)
alert tcp $HOME_NET any -> [202.134.152.2] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.134.152.2/; sid:900508336; rev:1;)
alert tcp $HOME_NET any -> [51.91.76.89] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.91.76.89/; sid:900508345; rev:1;)
alert tcp $HOME_NET any -> [58.227.42.236] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.227.42.236/; sid:900508349; rev:1;)
alert tcp $HOME_NET any -> [134.209.240.102] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.240.102/; sid:900508353; rev:1;)
alert tcp $HOME_NET any -> [165.22.246.219] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.22.246.219/; sid:900508358; rev:1;)
alert tcp $HOME_NET any -> [54.38.143.246] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.143.246/; sid:900508359; rev:1;)
alert tcp $HOME_NET any -> [202.29.239.162] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.29.239.162/; sid:900508360; rev:1;)
alert tcp $HOME_NET any -> [86.98.208.214] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.208.214/; sid:900508395; rev:1;)
alert tcp $HOME_NET any -> [203.122.46.130] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.122.46.130/; sid:900508397; rev:1;)
alert tcp $HOME_NET any -> [179.158.105.44] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.158.105.44/; sid:900508419; rev:1;)
alert tcp $HOME_NET any -> [90.120.65.153] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.120.65.153/; sid:900508425; rev:1;)
alert tcp $HOME_NET any -> [103.87.95.133] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.87.95.133/; sid:900508433; rev:1;)
alert tcp $HOME_NET any -> [187.102.135.142] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.102.135.142/; sid:900508434; rev:1;)
alert tcp $HOME_NET any -> [50.116.19.225] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.19.225/; sid:900508446; rev:1;)
alert tcp $HOME_NET any -> [45.55.63.166] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.63.166/; sid:900508451; rev:1;)
alert tcp $HOME_NET any -> [79.129.121.68] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.129.121.68/; sid:900508453; rev:1;)
alert tcp $HOME_NET any -> [103.88.226.30] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.88.226.30/; sid:900508456; rev:1;)
alert tcp $HOME_NET any -> [176.104.106.96] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.104.106.96/; sid:900508482; rev:1;)
alert tcp $HOME_NET any -> [190.252.242.69] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.252.242.69/; sid:900508486; rev:1;)
alert tcp $HOME_NET any -> [45.176.232.125] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.176.232.125/; sid:900508491; rev:1;)
alert tcp $HOME_NET any -> [32.221.224.140] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.221.224.140/; sid:900508501; rev:1;)
alert tcp $HOME_NET any -> [85.246.82.244] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.246.82.244/; sid:900508503; rev:1;)
alert tcp $HOME_NET any -> [187.250.114.15] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.250.114.15/; sid:900508504; rev:1;)
alert tcp $HOME_NET any -> [58.105.167.36] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.105.167.36/; sid:900508523; rev:1;)
alert tcp $HOME_NET any -> [103.107.113.120] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.107.113.120/; sid:900508525; rev:1;)
alert tcp $HOME_NET any -> [46.107.48.202] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.107.48.202/; sid:900508530; rev:1;)
alert tcp $HOME_NET any -> [41.38.167.179] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.38.167.179/; sid:900508540; rev:1;)
alert tcp $HOME_NET any -> [109.228.220.196] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.228.220.196/; sid:900508546; rev:1;)
alert tcp $HOME_NET any -> [37.34.253.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.34.253.233/; sid:900508549; rev:1;)
alert tcp $HOME_NET any -> [102.182.232.3] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.182.232.3/; sid:900508550; rev:1;)
alert tcp $HOME_NET any -> [149.56.131.28] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.56.131.28/; sid:900508556; rev:1;)
alert tcp $HOME_NET any -> [81.215.196.174] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.215.196.174/; sid:900508561; rev:1;)
alert tcp $HOME_NET any -> [181.208.248.227] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.208.248.227/; sid:900508567; rev:1;)
alert tcp $HOME_NET any -> [103.139.243.207] 990 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.139.243.207/; sid:900508569; rev:1;)
alert tcp $HOME_NET any -> [94.36.195.250] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.36.195.250/; sid:900508586; rev:1;)
alert tcp $HOME_NET any -> [92.132.172.197] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.132.172.197/; sid:900508592; rev:1;)
alert tcp $HOME_NET any -> [37.186.54.254] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.186.54.254/; sid:900508595; rev:1;)
alert tcp $HOME_NET any -> [187.251.132.144] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.251.132.144/; sid:900508597; rev:1;)
alert tcp $HOME_NET any -> [103.246.242.202] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.246.242.202/; sid:900508600; rev:1;)
alert tcp $HOME_NET any -> [217.164.210.192] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.210.192/; sid:900508602; rev:1;)
alert tcp $HOME_NET any -> [121.74.167.191] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.74.167.191/; sid:900508603; rev:1;)
alert tcp $HOME_NET any -> [125.168.47.127] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.168.47.127/; sid:900508604; rev:1;)
alert tcp $HOME_NET any -> [187.172.232.250] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.172.232.250/; sid:900508617; rev:1;)
alert tcp $HOME_NET any -> [103.133.11.10] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.133.11.10/; sid:900508620; rev:1;)
alert tcp $HOME_NET any -> [187.207.47.198] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.47.198/; sid:900508621; rev:1;)
alert tcp $HOME_NET any -> [2.50.4.57] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.4.57/; sid:900508628; rev:1;)
alert tcp $HOME_NET any -> [217.164.76.203] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.76.203/; sid:900508638; rev:1;)
alert tcp $HOME_NET any -> [94.23.45.86] 4143 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.45.86/; sid:900508644; rev:1;)
alert tcp $HOME_NET any -> [179.174.52.27] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.174.52.27/; sid:900508647; rev:1;)
alert tcp $HOME_NET any -> [72.12.115.71] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.12.115.71/; sid:900508651; rev:1;)
alert tcp $HOME_NET any -> [62.75.251.60] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.251.60/; sid:900508652; rev:1;)
alert tcp $HOME_NET any -> [93.104.209.56] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.104.209.56/; sid:900508653; rev:1;)
alert tcp $HOME_NET any -> [103.85.160.5] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.85.160.5/; sid:900508654; rev:1;)
alert tcp $HOME_NET any -> [131.100.24.199] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.199/; sid:900508655; rev:1;)
alert tcp $HOME_NET any -> [49.231.16.102] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.231.16.102/; sid:900508656; rev:1;)
alert tcp $HOME_NET any -> [114.79.130.68] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.130.68/; sid:900508660; rev:1;)
alert tcp $HOME_NET any -> [138.197.147.101] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.147.101/; sid:900508662; rev:1;)
alert tcp $HOME_NET any -> [134.195.212.50] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.195.212.50/; sid:900508663; rev:1;)
alert tcp $HOME_NET any -> [104.168.154.79] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.154.79/; sid:900508664; rev:1;)
alert tcp $HOME_NET any -> [121.7.223.59] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.7.223.59/; sid:900508665; rev:1;)
alert tcp $HOME_NET any -> [86.98.156.198] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.156.198/; sid:900508667; rev:1;)
alert tcp $HOME_NET any -> [189.146.73.62] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.73.62/; sid:900508669; rev:1;)
alert tcp $HOME_NET any -> [46.198.215.152] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.198.215.152/; sid:900508673; rev:1;)
alert tcp $HOME_NET any -> [189.27.113.73] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.27.113.73/; sid:900508674; rev:1;)
alert tcp $HOME_NET any -> [142.184.161.168] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.184.161.168/; sid:900508679; rev:1;)
alert tcp $HOME_NET any -> [180.183.134.56] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.183.134.56/; sid:900508680; rev:1;)
alert tcp $HOME_NET any -> [68.183.91.111] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.91.111/; sid:900508683; rev:1;)
alert tcp $HOME_NET any -> [164.52.194.45] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.52.194.45/; sid:900508684; rev:1;)
alert tcp $HOME_NET any -> [138.201.142.73] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.201.142.73/; sid:900508685; rev:1;)
alert tcp $HOME_NET any -> [37.210.160.58] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.160.58/; sid:900508686; rev:1;)
alert tcp $HOME_NET any -> [70.51.153.189] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.153.189/; sid:900508687; rev:1;)
alert tcp $HOME_NET any -> [72.252.157.172] 990 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.157.172/; sid:900508688; rev:1;)
alert tcp $HOME_NET any -> [217.160.107.189] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.107.189/; sid:900508689; rev:1;)
alert tcp $HOME_NET any -> [119.59.98.59] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.59.98.59/; sid:900508690; rev:1;)
alert tcp $HOME_NET any -> [174.95.174.163] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.95.174.163/; sid:900508696; rev:1;)
alert tcp $HOME_NET any -> [201.172.23.68] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.172.23.68/; sid:900508697; rev:1;)
alert tcp $HOME_NET any -> [72.252.157.172] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.157.172/; sid:900508700; rev:1;)
alert tcp $HOME_NET any -> [83.110.93.205] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.93.205/; sid:900508704; rev:1;)
alert tcp $HOME_NET any -> [139.59.44.48] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.44.48/; sid:900508706; rev:1;)
alert tcp $HOME_NET any -> [74.14.7.71] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.14.7.71/; sid:900508707; rev:1;)
alert tcp $HOME_NET any -> [167.86.191.84] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.86.191.84/; sid:900508708; rev:1;)
alert tcp $HOME_NET any -> [85.96.46.255] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.96.46.255/; sid:900508709; rev:1;)
alert tcp $HOME_NET any -> [102.65.38.74] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.65.38.74/; sid:900508710; rev:1;)
alert tcp $HOME_NET any -> [187.58.79.229] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.58.79.229/; sid:900508711; rev:1;)
alert tcp $HOME_NET any -> [148.0.57.85] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.0.57.85/; sid:900508712; rev:1;)
alert tcp $HOME_NET any -> [197.89.17.104] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.17.104/; sid:900508713; rev:1;)
alert tcp $HOME_NET any -> [104.34.212.7] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.34.212.7/; sid:900508714; rev:1;)
alert tcp $HOME_NET any -> [190.74.239.37] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.74.239.37/; sid:900508715; rev:1;)
alert tcp $HOME_NET any -> [179.99.49.37] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.99.49.37/; sid:900508716; rev:1;)
alert tcp $HOME_NET any -> [101.51.79.185] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.51.79.185/; sid:900508717; rev:1;)
alert tcp $HOME_NET any -> [70.51.153.227] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.153.227/; sid:900508718; rev:1;)
alert tcp $HOME_NET any -> [81.155.87.247] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.155.87.247/; sid:900508719; rev:1;)
alert tcp $HOME_NET any -> [187.208.137.144] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.208.137.144/; sid:900508720; rev:1;)
alert tcp $HOME_NET any -> [31.215.184.145] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.184.145/; sid:900508721; rev:1;)
alert tcp $HOME_NET any -> [31.215.71.174] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.71.174/; sid:900508722; rev:1;)
alert tcp $HOME_NET any -> [176.31.73.90] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.31.73.90/; sid:900508723; rev:1;)
alert tcp $HOME_NET any -> [45.76.159.214] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.159.214/; sid:900508724; rev:1;)
alert tcp $HOME_NET any -> [180.129.20.164] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.129.20.164/; sid:900508725; rev:1;)
alert tcp $HOME_NET any -> [183.88.61.229] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.88.61.229/; sid:900508726; rev:1;)
alert tcp $HOME_NET any -> [118.161.9.45] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.161.9.45/; sid:900508727; rev:1;)
alert tcp $HOME_NET any -> [98.22.246.169] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.22.246.169/; sid:900508728; rev:1;)
alert tcp $HOME_NET any -> [118.161.9.45] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.161.9.45/; sid:900508729; rev:1;)
alert tcp $HOME_NET any -> [86.98.78.42] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.78.42/; sid:900508730; rev:1;)
alert tcp $HOME_NET any -> [39.44.144.64] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.144.64/; sid:900508731; rev:1;)
alert tcp $HOME_NET any -> [45.241.170.130] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.170.130/; sid:900508732; rev:1;)
alert tcp $HOME_NET any -> [85.214.93.93] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.214.93.93/; sid:900508733; rev:1;)
alert tcp $HOME_NET any -> [178.62.112.199] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.62.112.199/; sid:900508734; rev:1;)
alert tcp $HOME_NET any -> [45.241.145.100] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.145.100/; sid:900508735; rev:1;)
alert tcp $HOME_NET any -> [85.96.45.51] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.96.45.51/; sid:900508736; rev:1;)
alert tcp $HOME_NET any -> [165.22.211.113] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.22.211.113/; sid:900508737; rev:1;)
alert tcp $HOME_NET any -> [139.59.60.88] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.60.88/; sid:900508738; rev:1;)
alert tcp $HOME_NET any -> [96.125.171.165] 4143 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.125.171.165/; sid:900508739; rev:1;)
alert tcp $HOME_NET any -> [178.128.82.218] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.82.218/; sid:900508740; rev:1;)
alert tcp $HOME_NET any -> [103.221.221.164] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.221.221.164/; sid:900508741; rev:1;)
alert tcp $HOME_NET any -> [46.176.222.34] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.176.222.34/; sid:900508742; rev:1;)
alert tcp $HOME_NET any -> [39.57.23.116] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.57.23.116/; sid:900508743; rev:1;)
alert tcp $HOME_NET any -> [41.84.241.23] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.241.23/; sid:900508744; rev:1;)
alert tcp $HOME_NET any -> [185.249.85.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.249.85.175/; sid:900508745; rev:1;)
alert tcp $HOME_NET any -> [113.89.5.252] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.89.5.252/; sid:900508746; rev:1;)
alert tcp $HOME_NET any -> [78.180.88.120] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.180.88.120/; sid:900508747; rev:1;)
alert tcp $HOME_NET any -> [197.89.108.36] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.108.36/; sid:900508748; rev:1;)
alert tcp $HOME_NET any -> [94.59.56.46] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.56.46/; sid:900508749; rev:1;)
alert tcp $HOME_NET any -> [191.112.14.1] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.112.14.1/; sid:900508750; rev:1;)
alert tcp $HOME_NET any -> [94.59.56.46] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.56.46/; sid:900508751; rev:1;)
alert tcp $HOME_NET any -> [1.161.104.149] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.104.149/; sid:900508752; rev:1;)
alert tcp $HOME_NET any -> [1.161.104.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.104.149/; sid:900508753; rev:1;)
alert tcp $HOME_NET any -> [83.110.218.155] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.218.155/; sid:900508754; rev:1;)
alert tcp $HOME_NET any -> [83.79.122.192] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.79.122.192/; sid:900508755; rev:1;)
alert tcp $HOME_NET any -> [86.132.13.91] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.132.13.91/; sid:900508756; rev:1;)
alert tcp $HOME_NET any -> [187.172.170.129] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.172.170.129/; sid:900508757; rev:1;)
alert tcp $HOME_NET any -> [187.114.156.142] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.114.156.142/; sid:900508758; rev:1;)
alert tcp $HOME_NET any -> [186.64.67.8] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.8/; sid:900508759; rev:1;)
alert tcp $HOME_NET any -> [39.33.211.246] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.33.211.246/; sid:900508760; rev:1;)
alert tcp $HOME_NET any -> [189.146.78.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.78.175/; sid:900508761; rev:1;)
alert tcp $HOME_NET any -> [103.139.243.207] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.139.243.207/; sid:900508762; rev:1;)
alert tcp $HOME_NET any -> [217.164.117.87] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.117.87/; sid:900508763; rev:1;)
alert tcp $HOME_NET any -> [184.100.157.205] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.100.157.205/; sid:900508764; rev:1;)
alert tcp $HOME_NET any -> [197.94.84.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.94.84.67/; sid:900508765; rev:1;)
alert tcp $HOME_NET any -> [194.36.28.102] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.28.102/; sid:900508766; rev:1;)
alert tcp $HOME_NET any -> [179.179.162.9] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.179.162.9/; sid:900508767; rev:1;)
alert tcp $HOME_NET any -> [141.237.86.114] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.237.86.114/; sid:900508768; rev:1;)
alert tcp $HOME_NET any -> [94.36.195.102] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.36.195.102/; sid:900508769; rev:1;)
alert tcp $HOME_NET any -> [217.118.46.41] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.118.46.41/; sid:900508770; rev:1;)
alert tcp $HOME_NET any -> [177.102.2.175] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.102.2.175/; sid:900508771; rev:1;)
alert tcp $HOME_NET any -> [39.33.170.57] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.33.170.57/; sid:900508772; rev:1;)
alert tcp $HOME_NET any -> [187.102.135.141] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.102.135.141/; sid:900508773; rev:1;)
alert tcp $HOME_NET any -> [70.51.152.61] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.152.61/; sid:900508774; rev:1;)
alert tcp $HOME_NET any -> [187.208.0.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.208.0.99/; sid:900508775; rev:1;)
alert tcp $HOME_NET any -> [201.142.133.198] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.142.133.198/; sid:900508776; rev:1;)
alert tcp $HOME_NET any -> [118.161.34.21] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.161.34.21/; sid:900508777; rev:1;)
alert tcp $HOME_NET any -> [89.211.182.31] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.182.31/; sid:900508779; rev:1;)
alert tcp $HOME_NET any -> [88.228.251.169] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.228.251.169/; sid:900508780; rev:1;)
alert tcp $HOME_NET any -> [217.165.84.177] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.84.177/; sid:900508781; rev:1;)
alert tcp $HOME_NET any -> [39.57.56.19] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.57.56.19/; sid:900508782; rev:1;)
alert tcp $HOME_NET any -> [83.110.89.191] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.89.191/; sid:900508785; rev:1;)
alert tcp $HOME_NET any -> [197.89.6.37] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.6.37/; sid:900508786; rev:1;)
alert tcp $HOME_NET any -> [188.50.241.63] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.50.241.63/; sid:900508787; rev:1;)
alert tcp $HOME_NET any -> [78.100.197.230] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.197.230/; sid:900508788; rev:1;)
alert tcp $HOME_NET any -> [86.98.78.177] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.78.177/; sid:900508789; rev:1;)
alert tcp $HOME_NET any -> [197.162.117.38] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.162.117.38/; sid:900508790; rev:1;)
alert tcp $HOME_NET any -> [185.249.85.200] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.249.85.200/; sid:900508791; rev:1;)
alert tcp $HOME_NET any -> [186.90.153.162] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.90.153.162/; sid:900508792; rev:1;)
alert tcp $HOME_NET any -> [101.51.76.46] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.51.76.46/; sid:900508793; rev:1;)
alert tcp $HOME_NET any -> [45.241.145.155] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.145.155/; sid:900508794; rev:1;)
alert tcp $HOME_NET any -> [78.100.235.8] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.235.8/; sid:900508795; rev:1;)
alert tcp $HOME_NET any -> [201.42.3.27] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.42.3.27/; sid:900508796; rev:1;)
alert tcp $HOME_NET any -> [124.40.244.118] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.40.244.118/; sid:900508797; rev:1;)
alert tcp $HOME_NET any -> [86.97.246.216] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.246.216/; sid:900508798; rev:1;)
alert tcp $HOME_NET any -> [201.1.202.82] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.1.202.82/; sid:900508799; rev:1;)
alert tcp $HOME_NET any -> [189.26.55.114] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.26.55.114/; sid:900508800; rev:1;)
alert tcp $HOME_NET any -> [191.251.134.129] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.251.134.129/; sid:900508801; rev:1;)
alert tcp $HOME_NET any -> [86.97.8.200] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.8.200/; sid:900508802; rev:1;)
alert tcp $HOME_NET any -> [70.51.137.64] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.137.64/; sid:900508803; rev:1;)
alert tcp $HOME_NET any -> [103.107.113.84] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.107.113.84/; sid:900508804; rev:1;)
alert tcp $HOME_NET any -> [187.172.191.97] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.172.191.97/; sid:900508805; rev:1;)
alert tcp $HOME_NET any -> [173.22.32.101] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.22.32.101/; sid:900508806; rev:1;)
alert tcp $HOME_NET any -> [46.103.186.43] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.103.186.43/; sid:900508807; rev:1;)
alert tcp $HOME_NET any -> [63.142.250.212] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.142.250.212/; sid:900508808; rev:1;)
alert tcp $HOME_NET any -> [150.95.66.124] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.95.66.124/; sid:900508809; rev:1;)
alert tcp $HOME_NET any -> [189.146.87.77] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.87.77/; sid:900508810; rev:1;)
alert tcp $HOME_NET any -> [39.44.86.21] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.86.21/; sid:900508811; rev:1;)
alert tcp $HOME_NET any -> [86.190.159.132] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.190.159.132/; sid:900508812; rev:1;)
alert tcp $HOME_NET any -> [23.239.0.12] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.239.0.12/; sid:900508813; rev:1;)
alert tcp $HOME_NET any -> [187.207.131.50] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.131.50/; sid:900508814; rev:1;)
alert tcp $HOME_NET any -> [217.164.119.236] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.119.236/; sid:900508815; rev:1;)
alert tcp $HOME_NET any -> [37.210.156.191] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.156.191/; sid:900508816; rev:1;)
alert tcp $HOME_NET any -> [102.65.16.245] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.65.16.245/; sid:900508817; rev:1;)
alert tcp $HOME_NET any -> [85.107.161.25] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.107.161.25/; sid:900508818; rev:1;)
alert tcp $HOME_NET any -> [176.45.216.134] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.45.216.134/; sid:900508819; rev:1;)
alert tcp $HOME_NET any -> [217.164.119.236] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.119.236/; sid:900508820; rev:1;)
alert tcp $HOME_NET any -> [39.49.48.82] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.48.82/; sid:900508821; rev:1;)
alert tcp $HOME_NET any -> [187.208.122.239] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.208.122.239/; sid:900508822; rev:1;)
alert tcp $HOME_NET any -> [186.105.98.35] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.105.98.35/; sid:900508823; rev:1;)
alert tcp $HOME_NET any -> [158.69.222.101] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.69.222.101/; sid:900508824; rev:1;)
alert tcp $HOME_NET any -> [1.161.66.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.66.82/; sid:900508825; rev:1;)
alert tcp $HOME_NET any -> [31.215.102.193] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.102.193/; sid:900508826; rev:1;)
alert tcp $HOME_NET any -> [39.44.66.76] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.66.76/; sid:900508827; rev:1;)
alert tcp $HOME_NET any -> [104.248.225.227] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.248.225.227/; sid:900508828; rev:1;)
alert tcp $HOME_NET any -> [188.225.32.231] 4143 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.225.32.231/; sid:900508829; rev:1;)
alert tcp $HOME_NET any -> [39.44.178.7] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.178.7/; sid:900508830; rev:1;)
alert tcp $HOME_NET any -> [81.129.112.49] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.129.112.49/; sid:900508831; rev:1;)
alert tcp $HOME_NET any -> [146.66.139.14] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.66.139.14/; sid:900508832; rev:1;)
alert tcp $HOME_NET any -> [197.89.17.146] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.17.146/; sid:900508833; rev:1;)
alert tcp $HOME_NET any -> [217.165.147.77] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.147.77/; sid:900508834; rev:1;)
alert tcp $HOME_NET any -> [186.90.13.85] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.90.13.85/; sid:900508835; rev:1;)
alert tcp $HOME_NET any -> [78.183.159.152] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.183.159.152/; sid:900508837; rev:1;)
alert tcp $HOME_NET any -> [47.157.227.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.157.227.70/; sid:900508838; rev:1;)
alert tcp $HOME_NET any -> [1.234.21.73] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.234.21.73/; sid:900508839; rev:1;)
alert tcp $HOME_NET any -> [103.224.242.13] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.224.242.13/; sid:900508840; rev:1;)
alert tcp $HOME_NET any -> [45.226.53.34] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.226.53.34/; sid:900508841; rev:1;)
alert tcp $HOME_NET any -> [37.208.145.168] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.208.145.168/; sid:900508843; rev:1;)
alert tcp $HOME_NET any -> [39.49.31.161] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.31.161/; sid:900508844; rev:1;)
alert tcp $HOME_NET any -> [1.161.100.47] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.100.47/; sid:900508845; rev:1;)
alert tcp $HOME_NET any -> [37.210.158.242] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.158.242/; sid:900508846; rev:1;)
alert tcp $HOME_NET any -> [197.89.12.59] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.12.59/; sid:900508847; rev:1;)
alert tcp $HOME_NET any -> [197.164.163.81] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.164.163.81/; sid:900508848; rev:1;)
alert tcp $HOME_NET any -> [179.145.13.69] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.145.13.69/; sid:900508849; rev:1;)
alert tcp $HOME_NET any -> [172.105.70.96] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.70.96/; sid:900508850; rev:1;)
alert tcp $HOME_NET any -> [187.16.64.194] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.16.64.194/; sid:900508851; rev:1;)
alert tcp $HOME_NET any -> [200.109.56.159] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.109.56.159/; sid:900508852; rev:1;)
alert tcp $HOME_NET any -> [63.250.39.66] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.250.39.66/; sid:900508853; rev:1;)
alert tcp $HOME_NET any -> [178.62.21.18] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.62.21.18/; sid:900508854; rev:1;)
alert tcp $HOME_NET any -> [5.193.138.70] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.193.138.70/; sid:900508855; rev:1;)
alert tcp $HOME_NET any -> [148.0.15.41] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.0.15.41/; sid:900508856; rev:1;)
alert tcp $HOME_NET any -> [187.149.227.152] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.149.227.152/; sid:900508857; rev:1;)
alert tcp $HOME_NET any -> [177.157.156.136] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.157.156.136/; sid:900508858; rev:1;)
alert tcp $HOME_NET any -> [103.107.113.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.107.113.82/; sid:900508859; rev:1;)
alert tcp $HOME_NET any -> [83.110.88.196] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.88.196/; sid:900508860; rev:1;)
alert tcp $HOME_NET any -> [103.8.26.17] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.8.26.17/; sid:900508861; rev:1;)
alert tcp $HOME_NET any -> [134.122.119.23] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.122.119.23/; sid:900508862; rev:1;)
alert tcp $HOME_NET any -> [41.215.158.114] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.215.158.114/; sid:900508863; rev:1;)
alert tcp $HOME_NET any -> [217.164.120.210] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.120.210/; sid:900508864; rev:1;)
alert tcp $HOME_NET any -> [78.100.199.234] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.199.234/; sid:900508865; rev:1;)
alert tcp $HOME_NET any -> [200.148.9.225] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.148.9.225/; sid:900508866; rev:1;)
alert tcp $HOME_NET any -> [37.210.145.41] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.145.41/; sid:900508867; rev:1;)
alert tcp $HOME_NET any -> [116.30.7.55] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.30.7.55/; sid:900508868; rev:1;)
alert tcp $HOME_NET any -> [83.110.219.20] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.219.20/; sid:900508869; rev:1;)
alert tcp $HOME_NET any -> [31.215.70.187] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.70.187/; sid:900508870; rev:1;)
alert tcp $HOME_NET any -> [41.215.153.62] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.215.153.62/; sid:900508871; rev:1;)
alert tcp $HOME_NET any -> [191.250.188.54] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.250.188.54/; sid:900508872; rev:1;)
alert tcp $HOME_NET any -> [89.29.244.7] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.29.244.7/; sid:900508873; rev:1;)
alert tcp $HOME_NET any -> [173.239.37.178] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.239.37.178/; sid:900508874; rev:1;)
alert tcp $HOME_NET any -> [39.41.132.180] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.41.132.180/; sid:900508875; rev:1;)
alert tcp $HOME_NET any -> [39.44.46.206] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.46.206/; sid:900508876; rev:1;)
alert tcp $HOME_NET any -> [83.110.89.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.89.53/; sid:900508877; rev:1;)
alert tcp $HOME_NET any -> [197.161.51.29] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.161.51.29/; sid:900508878; rev:1;)
alert tcp $HOME_NET any -> [95.12.16.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.12.16.233/; sid:900508879; rev:1;)
alert tcp $HOME_NET any -> [39.49.33.65] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.33.65/; sid:900508880; rev:1;)
alert tcp $HOME_NET any -> [197.92.130.121] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.92.130.121/; sid:900508881; rev:1;)
alert tcp $HOME_NET any -> [31.215.214.100] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.214.100/; sid:900508882; rev:1;)
alert tcp $HOME_NET any -> [125.24.203.79] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.24.203.79/; sid:900508883; rev:1;)
alert tcp $HOME_NET any -> [41.84.236.153] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.236.153/; sid:900508884; rev:1;)
alert tcp $HOME_NET any -> [89.211.209.105] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.209.105/; sid:900508885; rev:1;)
alert tcp $HOME_NET any -> [189.223.134.157] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.223.134.157/; sid:900508886; rev:1;)
alert tcp $HOME_NET any -> [118.161.37.101] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.161.37.101/; sid:900508887; rev:1;)
alert tcp $HOME_NET any -> [197.89.8.179] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.8.179/; sid:900508888; rev:1;)
alert tcp $HOME_NET any -> [83.110.94.23] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.94.23/; sid:900508889; rev:1;)
alert tcp $HOME_NET any -> [5.54.49.78] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.54.49.78/; sid:900508890; rev:1;)
alert tcp $HOME_NET any -> [45.241.215.15] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.215.15/; sid:900508891; rev:1;)
alert tcp $HOME_NET any -> [89.211.185.1] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.185.1/; sid:900508892; rev:1;)
alert tcp $HOME_NET any -> [31.215.69.115] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.69.115/; sid:900508893; rev:1;)
alert tcp $HOME_NET any -> [39.49.44.239] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.44.239/; sid:900508894; rev:1;)
alert tcp $HOME_NET any -> [113.89.6.31] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.89.6.31/; sid:900508895; rev:1;)
alert tcp $HOME_NET any -> [113.53.145.118] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.53.145.118/; sid:900508896; rev:1;)
alert tcp $HOME_NET any -> [217.165.109.187] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.109.187/; sid:900508897; rev:1;)
alert tcp $HOME_NET any -> [50.2.217.16] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.2.217.16/; sid:900508898; rev:1;)
alert tcp $HOME_NET any -> [188.166.217.40] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.166.217.40/; sid:900508899; rev:1;)
alert tcp $HOME_NET any -> [216.10.251.121] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.10.251.121/; sid:900508900; rev:1;)
alert tcp $HOME_NET any -> [79.80.80.29] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.80.80.29/; sid:900508901; rev:1;)
alert tcp $HOME_NET any -> [193.124.206.225] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.124.206.225/; sid:900508902; rev:1;)
alert tcp $HOME_NET any -> [45.10.24.134] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.10.24.134/; sid:900508903; rev:1;)
alert tcp $HOME_NET any -> [51.91.142.26] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.91.142.26/; sid:900508904; rev:1;)
alert tcp $HOME_NET any -> [165.227.166.238] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.166.238/; sid:900508905; rev:1;)
alert tcp $HOME_NET any -> [167.172.248.70] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.172.248.70/; sid:900508906; rev:1;)
alert tcp $HOME_NET any -> [92.114.18.20] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.114.18.20/; sid:900508907; rev:1;)
alert tcp $HOME_NET any -> [169.45.124.186] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.45.124.186/; sid:900508908; rev:1;)
alert tcp $HOME_NET any -> [149.28.156.183] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.156.183/; sid:900508909; rev:1;)
alert tcp $HOME_NET any -> [142.93.47.112] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.47.112/; sid:900508910; rev:1;)
alert tcp $HOME_NET any -> [39.33.216.128] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.33.216.128/; sid:900508912; rev:1;)
alert tcp $HOME_NET any -> [180.129.108.214] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.129.108.214/; sid:900508913; rev:1;)
alert tcp $HOME_NET any -> [118.161.37.101] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.161.37.101/; sid:900508914; rev:1;)
alert tcp $HOME_NET any -> [173.82.82.196] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.82.82.196/; sid:900508915; rev:1;)
alert tcp $HOME_NET any -> [159.89.202.34] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.89.202.34/; sid:900508916; rev:1;)
alert tcp $HOME_NET any -> [165.22.73.229] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.22.73.229/; sid:900508917; rev:1;)
alert tcp $HOME_NET any -> [160.16.143.191] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.16.143.191/; sid:900508918; rev:1;)
alert tcp $HOME_NET any -> [39.44.62.55] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.62.55/; sid:900508921; rev:1;)
alert tcp $HOME_NET any -> [197.94.85.72] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.94.85.72/; sid:900508922; rev:1;)
alert tcp $HOME_NET any -> [197.87.182.35] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.87.182.35/; sid:900508923; rev:1;)
alert tcp $HOME_NET any -> [37.208.155.29] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.208.155.29/; sid:900508924; rev:1;)
alert tcp $HOME_NET any -> [74.14.5.179] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.14.5.179/; sid:900508925; rev:1;)
alert tcp $HOME_NET any -> [78.101.84.56] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.84.56/; sid:900508926; rev:1;)
alert tcp $HOME_NET any -> [1.161.122.145] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.122.145/; sid:900508927; rev:1;)
alert tcp $HOME_NET any -> [78.180.86.123] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.180.86.123/; sid:900508928; rev:1;)
alert tcp $HOME_NET any -> [72.27.86.98] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.27.86.98/; sid:900508929; rev:1;)
alert tcp $HOME_NET any -> [2.50.137.155] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.137.155/; sid:900508930; rev:1;)
# END 515 entries