################################################################ # abuse.ch Feodo Tracker Suricata / Snort Ruleset # # Last updated: 2023-05-30 13:58:32 UTC # # # # Terms Of Use: https://feodotracker.abuse.ch/blocklist/ # # For questions please contact feodotracker [at] abuse.ch # ################################################################ # alert tcp $HOME_NET any -> [178.128.23.9] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.23.9/; sid:900505872; rev:1;) alert tcp $HOME_NET any -> [104.168.155.129] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.155.129/; sid:900506152; rev:1;) alert tcp $HOME_NET any -> [104.248.178.90] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.248.178.90/; sid:900506231; rev:1;) alert tcp $HOME_NET any -> [192.99.150.39] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.99.150.39/; sid:900506412; rev:1;) alert tcp $HOME_NET any -> [128.199.232.159] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.232.159/; sid:900506508; rev:1;) alert tcp $HOME_NET any -> [159.65.3.147] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.3.147/; sid:900506514; rev:1;) alert tcp $HOME_NET any -> [89.101.97.139] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.101.97.139/; sid:900506579; rev:1;) alert tcp $HOME_NET any -> [41.228.22.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.228.22.180/; sid:900506590; rev:1;) alert tcp $HOME_NET any -> [71.74.12.34] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.74.12.34/; sid:900506613; rev:1;) alert tcp $HOME_NET any -> [63.143.92.99] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.143.92.99/; sid:900506738; rev:1;) alert tcp $HOME_NET any -> [212.112.86.37] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.112.86.37/; sid:900506750; rev:1;) alert tcp $HOME_NET any -> [117.248.109.38] 21 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.248.109.38/; sid:900506910; rev:1;) alert tcp $HOME_NET any -> [104.248.155.133] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.248.155.133/; sid:900506952; rev:1;) alert tcp $HOME_NET any -> [198.199.70.22] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.70.22/; sid:900507094; rev:1;) alert tcp $HOME_NET any -> [162.33.179.67] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.67/; sid:900507304; rev:1;) alert tcp $HOME_NET any -> [103.109.247.10] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.109.247.10/; sid:900507312; rev:1;) alert tcp $HOME_NET any -> [129.232.146.250] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.232.146.250/; sid:900507375; rev:1;) alert tcp $HOME_NET any -> [144.91.122.94] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.122.94/; sid:900507519; rev:1;) alert tcp $HOME_NET any -> [24.178.196.158] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.178.196.158/; sid:900507534; rev:1;) alert tcp $HOME_NET any -> [67.209.195.198] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.209.195.198/; sid:900507540; rev:1;) alert tcp $HOME_NET any -> [66.230.104.103] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.230.104.103/; sid:900507940; rev:1;) alert tcp $HOME_NET any -> [75.99.168.194] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.99.168.194/; sid:900507961; rev:1;) alert tcp $HOME_NET any -> [196.203.37.215] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.203.37.215/; sid:900508012; rev:1;) alert tcp $HOME_NET any -> [172.114.160.81] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.114.160.81/; sid:900508125; rev:1;) alert tcp $HOME_NET any -> [172.114.160.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.114.160.81/; sid:900508126; rev:1;) alert tcp $HOME_NET any -> [70.46.220.114] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.46.220.114/; sid:900508132; rev:1;) alert tcp $HOME_NET any -> [148.64.96.100] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.64.96.100/; sid:900508263; rev:1;) alert tcp $HOME_NET any -> [45.76.1.145] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.1.145/; sid:900508282; rev:1;) alert tcp $HOME_NET any -> [172.115.177.204] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.115.177.204/; sid:900508297; rev:1;) alert tcp $HOME_NET any -> [174.69.215.101] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.69.215.101/; sid:900508298; rev:1;) alert tcp $HOME_NET any -> [81.193.30.90] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.193.30.90/; sid:900509356; rev:1;) alert tcp $HOME_NET any -> [72.88.245.71] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.88.245.71/; sid:900509698; rev:1;) alert tcp $HOME_NET any -> [66.181.164.43] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.181.164.43/; sid:900509699; rev:1;) alert tcp $HOME_NET any -> [144.202.15.58] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.15.58/; sid:900509754; rev:1;) alert tcp $HOME_NET any -> [58.186.75.42] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.186.75.42/; sid:900509809; rev:1;) alert tcp $HOME_NET any -> [198.2.51.242] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.2.51.242/; sid:900509902; rev:1;) alert tcp $HOME_NET any -> [90.165.109.4] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.165.109.4/; sid:900510013; rev:1;) alert tcp $HOME_NET any -> [24.206.27.39] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.206.27.39/; sid:900510032; rev:1;) alert tcp $HOME_NET any -> [47.14.229.4] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.14.229.4/; sid:900510049; rev:1;) alert tcp $HOME_NET any -> [27.109.19.90] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.109.19.90/; sid:900510073; rev:1;) alert tcp $HOME_NET any -> [103.233.103.85] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.233.103.85/; sid:900510081; rev:1;) alert tcp $HOME_NET any -> [84.35.26.14] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.35.26.14/; sid:900510092; rev:1;) alert tcp $HOME_NET any -> [87.57.13.215] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.57.13.215/; sid:900510108; rev:1;) alert tcp $HOME_NET any -> [50.68.204.71] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.68.204.71/; sid:900510113; rev:1;) alert tcp $HOME_NET any -> [50.68.204.71] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.68.204.71/; sid:900510121; rev:1;) alert tcp $HOME_NET any -> [50.68.204.71] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.68.204.71/; sid:900510124; rev:1;) alert tcp $HOME_NET any -> [88.171.156.150] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.171.156.150/; sid:900510136; rev:1;) alert tcp $HOME_NET any -> [73.88.173.113] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.88.173.113/; sid:900510138; rev:1;) alert tcp $HOME_NET any -> [70.64.77.115] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.64.77.115/; sid:900510142; rev:1;) alert tcp $HOME_NET any -> [66.131.25.6] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.131.25.6/; sid:900510145; rev:1;) alert tcp $HOME_NET any -> [62.35.100.38] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.35.100.38/; sid:900510166; rev:1;) alert tcp $HOME_NET any -> [58.162.223.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.162.223.233/; sid:900510167; rev:1;) alert tcp $HOME_NET any -> [64.127.146.153] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.127.146.153/; sid:900510174; rev:1;) alert tcp $HOME_NET any -> [92.239.81.124] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.239.81.124/; sid:900510193; rev:1;) alert tcp $HOME_NET any -> [88.122.208.197] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.122.208.197/; sid:900510204; rev:1;) alert tcp $HOME_NET any -> [75.156.125.215] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.156.125.215/; sid:900510205; rev:1;) alert tcp $HOME_NET any -> [47.34.30.133] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.34.30.133/; sid:900510211; rev:1;) alert tcp $HOME_NET any -> [91.68.227.219] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.68.227.219/; sid:900510213; rev:1;) alert tcp $HOME_NET any -> [89.115.196.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.115.196.99/; sid:900510217; rev:1;) alert tcp $HOME_NET any -> [75.98.154.19] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.98.154.19/; sid:900510222; rev:1;) alert tcp $HOME_NET any -> [91.169.12.198] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.169.12.198/; sid:900510223; rev:1;) alert tcp $HOME_NET any -> [86.225.214.138] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.225.214.138/; sid:900510224; rev:1;) alert tcp $HOME_NET any -> [91.165.188.74] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.165.188.74/; sid:900510229; rev:1;) alert tcp $HOME_NET any -> [174.58.146.57] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.58.146.57/; sid:900510240; rev:1;) alert tcp $HOME_NET any -> [70.181.149.227] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.181.149.227/; sid:900510241; rev:1;) alert tcp $HOME_NET any -> [75.141.227.169] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.141.227.169/; sid:900510243; rev:1;) alert tcp $HOME_NET any -> [73.29.92.128] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.29.92.128/; sid:900510262; rev:1;) alert tcp $HOME_NET any -> [184.153.132.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.153.132.82/; sid:900510264; rev:1;) alert tcp $HOME_NET any -> [85.61.165.153] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.61.165.153/; sid:900510271; rev:1;) alert tcp $HOME_NET any -> [76.185.166.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.185.166.168/; sid:900510281; rev:1;) alert tcp $HOME_NET any -> [98.145.23.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.145.23.67/; sid:900510286; rev:1;) alert tcp $HOME_NET any -> [151.237.76.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.237.76.117/; sid:900510289; rev:1;) alert tcp $HOME_NET any -> [85.59.61.52] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.59.61.52/; sid:900510291; rev:1;) alert tcp $HOME_NET any -> [73.60.227.230] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.60.227.230/; sid:900510324; rev:1;) alert tcp $HOME_NET any -> [92.27.86.48] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.27.86.48/; sid:900510338; rev:1;) alert tcp $HOME_NET any -> [213.91.235.146] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.91.235.146/; sid:900510352; rev:1;) alert tcp $HOME_NET any -> [75.143.236.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.143.236.149/; sid:900510366; rev:1;) alert tcp $HOME_NET any -> [176.142.207.63] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.142.207.63/; sid:900510367; rev:1;) alert tcp $HOME_NET any -> [69.133.162.35] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.133.162.35/; sid:900510373; rev:1;) alert tcp $HOME_NET any -> [81.229.117.95] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.229.117.95/; sid:900510374; rev:1;) alert tcp $HOME_NET any -> [88.126.94.4] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.126.94.4/; sid:900510377; rev:1;) alert tcp $HOME_NET any -> [37.14.229.220] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.14.229.220/; sid:900510385; rev:1;) alert tcp $HOME_NET any -> [86.45.66.141] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.45.66.141/; sid:900510400; rev:1;) alert tcp $HOME_NET any -> [89.129.109.27] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.129.109.27/; sid:900510411; rev:1;) alert tcp $HOME_NET any -> [87.202.101.164] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.202.101.164/; sid:900510415; rev:1;) alert tcp $HOME_NET any -> [81.111.108.123] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.111.108.123/; sid:900510418; rev:1;) alert tcp $HOME_NET any -> [70.121.198.103] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.121.198.103/; sid:900510432; rev:1;) alert tcp $HOME_NET any -> [78.92.133.215] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.92.133.215/; sid:900510440; rev:1;) alert tcp $HOME_NET any -> [79.92.15.6] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.92.15.6/; sid:900510443; rev:1;) alert tcp $HOME_NET any -> [131.106.168.223] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.106.168.223/; sid:900510444; rev:1;) alert tcp $HOME_NET any -> [70.50.3.214] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.50.3.214/; sid:900510452; rev:1;) alert tcp $HOME_NET any -> [73.22.121.210] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.22.121.210/; sid:900510459; rev:1;) alert tcp $HOME_NET any -> [90.162.45.154] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.162.45.154/; sid:900510462; rev:1;) alert tcp $HOME_NET any -> [66.191.69.18] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.191.69.18/; sid:900510471; rev:1;) alert tcp $HOME_NET any -> [64.121.161.102] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.121.161.102/; sid:900510487; rev:1;) alert tcp $HOME_NET any -> [197.148.17.17] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.148.17.17/; sid:900510492; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900510498; rev:1;) alert tcp $HOME_NET any -> [83.114.60.6] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.114.60.6/; sid:900510500; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 21 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900510505; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900510506; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 2087 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900510509; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900510512; rev:1;) alert tcp $HOME_NET any -> [69.119.123.159] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.119.123.159/; sid:900510513; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900510514; rev:1;) alert tcp $HOME_NET any -> [98.147.155.235] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.147.155.235/; sid:900510518; rev:1;) alert tcp $HOME_NET any -> [136.35.241.159] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.35.241.159/; sid:900510527; rev:1;) alert tcp $HOME_NET any -> [98.187.21.2] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.187.21.2/; sid:900510529; rev:1;) alert tcp $HOME_NET any -> [82.36.36.76] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.36.36.76/; sid:900510530; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 50001 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900510533; rev:1;) alert tcp $HOME_NET any -> [87.243.146.59] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.243.146.59/; sid:900510546; rev:1;) alert tcp $HOME_NET any -> [89.79.229.50] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.79.229.50/; sid:900510551; rev:1;) alert tcp $HOME_NET any -> [73.161.176.218] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.161.176.218/; sid:900510553; rev:1;) alert tcp $HOME_NET any -> [47.229.96.60] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.229.96.60/; sid:900510561; rev:1;) alert tcp $HOME_NET any -> [97.93.192.2] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.93.192.2/; sid:900510601; rev:1;) alert tcp $HOME_NET any -> [77.86.98.236] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.86.98.236/; sid:900510607; rev:1;) alert tcp $HOME_NET any -> [93.147.235.8] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.147.235.8/; sid:900510648; rev:1;) alert tcp $HOME_NET any -> [85.152.152.46] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.152.152.46/; sid:900510668; rev:1;) alert tcp $HOME_NET any -> [83.92.85.93] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.92.85.93/; sid:900510671; rev:1;) alert tcp $HOME_NET any -> [92.186.69.229] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.186.69.229/; sid:900510673; rev:1;) alert tcp $HOME_NET any -> [176.133.4.230] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.133.4.230/; sid:900510676; rev:1;) alert tcp $HOME_NET any -> [86.130.9.180] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.180/; sid:900510703; rev:1;) alert tcp $HOME_NET any -> [70.160.80.210] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.160.80.210/; sid:900510705; rev:1;) alert tcp $HOME_NET any -> [82.11.242.219] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.11.242.219/; sid:900510711; rev:1;) alert tcp $HOME_NET any -> [65.30.139.145] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.30.139.145/; sid:900510740; rev:1;) alert tcp $HOME_NET any -> [162.248.14.107] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.248.14.107/; sid:900510760; rev:1;) alert tcp $HOME_NET any -> [74.93.148.97] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.93.148.97/; sid:900510761; rev:1;) alert tcp $HOME_NET any -> [85.231.105.49] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.231.105.49/; sid:900510764; rev:1;) alert tcp $HOME_NET any -> [192.198.82.62] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.198.82.62/; sid:900510806; rev:1;) alert tcp $HOME_NET any -> [92.154.17.149] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.154.17.149/; sid:900510819; rev:1;) alert tcp $HOME_NET any -> [94.30.98.134] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.30.98.134/; sid:900510820; rev:1;) alert tcp $HOME_NET any -> [66.180.226.117] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.180.226.117/; sid:900510844; rev:1;) alert tcp $HOME_NET any -> [208.180.17.32] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.180.17.32/; sid:900510845; rev:1;) alert tcp $HOME_NET any -> [184.189.41.80] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.189.41.80/; sid:900510846; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 20 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900510880; rev:1;) alert tcp $HOME_NET any -> [79.77.142.22] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.77.142.22/; sid:900510890; rev:1;) alert tcp $HOME_NET any -> [78.193.176.97] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.193.176.97/; sid:900510910; rev:1;) alert tcp $HOME_NET any -> [76.170.252.153] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.170.252.153/; sid:900510939; rev:1;) alert tcp $HOME_NET any -> [74.33.196.114] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.33.196.114/; sid:900510940; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900510941; rev:1;) alert tcp $HOME_NET any -> [216.36.153.248] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.36.153.248/; sid:900510942; rev:1;) alert tcp $HOME_NET any -> [103.212.19.254] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.212.19.254/; sid:900510956; rev:1;) alert tcp $HOME_NET any -> [103.42.86.42] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.42.86.42/; sid:900510958; rev:1;) alert tcp $HOME_NET any -> [144.64.226.144] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.64.226.144/; sid:900510962; rev:1;) alert tcp $HOME_NET any -> [86.195.14.72] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.195.14.72/; sid:900510965; rev:1;) alert tcp $HOME_NET any -> [27.0.48.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.0.48.233/; sid:900510985; rev:1;) alert tcp $HOME_NET any -> [149.74.159.67] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.74.159.67/; sid:900511003; rev:1;) alert tcp $HOME_NET any -> [173.178.151.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.178.151.233/; sid:900511004; rev:1;) alert tcp $HOME_NET any -> [201.244.108.183] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.244.108.183/; sid:900511008; rev:1;) alert tcp $HOME_NET any -> [92.148.54.239] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.148.54.239/; sid:900511015; rev:1;) alert tcp $HOME_NET any -> [59.28.84.65] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.28.84.65/; sid:900511017; rev:1;) alert tcp $HOME_NET any -> [183.87.163.165] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.87.163.165/; sid:900511043; rev:1;) alert tcp $HOME_NET any -> [193.253.100.236] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.253.100.236/; sid:900511065; rev:1;) alert tcp $HOME_NET any -> [74.214.61.68] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.214.61.68/; sid:900511066; rev:1;) alert tcp $HOME_NET any -> [91.171.148.162] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.171.148.162/; sid:900511080; rev:1;) alert tcp $HOME_NET any -> [90.75.188.155] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.75.188.155/; sid:900511081; rev:1;) alert tcp $HOME_NET any -> [149.3.170.179] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.3.170.179/; sid:900511088; rev:1;) alert tcp $HOME_NET any -> [107.146.12.26] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.146.12.26/; sid:900511132; rev:1;) alert tcp $HOME_NET any -> [50.68.186.195] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.68.186.195/; sid:900511164; rev:1;) alert tcp $HOME_NET any -> [86.196.12.21] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.196.12.21/; sid:900511170; rev:1;) alert tcp $HOME_NET any -> [103.12.133.134] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.12.133.134/; sid:900511172; rev:1;) alert tcp $HOME_NET any -> [84.108.200.161] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.108.200.161/; sid:900511175; rev:1;) alert tcp $HOME_NET any -> [104.35.24.154] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.35.24.154/; sid:900511180; rev:1;) alert tcp $HOME_NET any -> [78.130.215.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.130.215.67/; sid:900511195; rev:1;) alert tcp $HOME_NET any -> [125.99.69.178] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.99.69.178/; sid:900511211; rev:1;) alert tcp $HOME_NET any -> [47.6.243.7] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.6.243.7/; sid:900511232; rev:1;) alert tcp $HOME_NET any -> [116.86.252.13] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.86.252.13/; sid:900511241; rev:1;) alert tcp $HOME_NET any -> [100.10.72.114] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.10.72.114/; sid:900511249; rev:1;) alert tcp $HOME_NET any -> [47.21.51.138] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.21.51.138/; sid:900511251; rev:1;) alert tcp $HOME_NET any -> [2.82.8.80] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.82.8.80/; sid:900511257; rev:1;) alert tcp $HOME_NET any -> [86.208.35.220] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.208.35.220/; sid:900511262; rev:1;) alert tcp $HOME_NET any -> [86.236.114.212] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.236.114.212/; sid:900511270; rev:1;) alert tcp $HOME_NET any -> [35.143.97.145] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/35.143.97.145/; sid:900511280; rev:1;) alert tcp $HOME_NET any -> [76.27.40.189] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.27.40.189/; sid:900511282; rev:1;) alert tcp $HOME_NET any -> [47.32.78.150] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.32.78.150/; sid:900511285; rev:1;) alert tcp $HOME_NET any -> [184.176.35.223] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.176.35.223/; sid:900511308; rev:1;) alert tcp $HOME_NET any -> [98.37.25.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.37.25.99/; sid:900511309; rev:1;) alert tcp $HOME_NET any -> [147.219.4.194] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.219.4.194/; sid:900511351; rev:1;) alert tcp $HOME_NET any -> [65.190.242.244] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.190.242.244/; sid:900511362; rev:1;) alert tcp $HOME_NET any -> [72.80.94.230] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.80.94.230/; sid:900511388; rev:1;) alert tcp $HOME_NET any -> [209.140.8.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.140.8.70/; sid:900511399; rev:1;) alert tcp $HOME_NET any -> [72.188.103.221] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.188.103.221/; sid:900511419; rev:1;) alert tcp $HOME_NET any -> [74.58.71.237] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.58.71.237/; sid:900511433; rev:1;) alert tcp $HOME_NET any -> [95.242.101.251] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.242.101.251/; sid:900511434; rev:1;) alert tcp $HOME_NET any -> [68.173.170.110] 8443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.173.170.110/; sid:900511438; rev:1;) alert tcp $HOME_NET any -> [14.192.241.76] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.192.241.76/; sid:900511443; rev:1;) alert tcp $HOME_NET any -> [114.143.176.235] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.143.176.235/; sid:900511476; rev:1;) alert tcp $HOME_NET any -> [174.4.89.3] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.4.89.3/; sid:900511508; rev:1;) alert tcp $HOME_NET any -> [78.192.109.105] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.192.109.105/; sid:900511510; rev:1;) alert tcp $HOME_NET any -> [67.61.61.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.61.61.31/; sid:900511552; rev:1;) alert tcp $HOME_NET any -> [70.24.104.146] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.24.104.146/; sid:900511555; rev:1;) alert tcp $HOME_NET any -> [70.189.114.159] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.189.114.159/; sid:900511566; rev:1;) alert tcp $HOME_NET any -> [92.20.204.198] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.20.204.198/; sid:900511609; rev:1;) alert tcp $HOME_NET any -> [94.200.183.66] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.200.183.66/; sid:900511613; rev:1;) alert tcp $HOME_NET any -> [92.1.170.110] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.1.170.110/; sid:900511623; rev:1;) alert tcp $HOME_NET any -> [178.175.187.254] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.175.187.254/; sid:900511639; rev:1;) alert tcp $HOME_NET any -> [67.248.21.32] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.248.21.32/; sid:900511650; rev:1;) alert tcp $HOME_NET any -> [49.175.72.7] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.175.72.7/; sid:900511651; rev:1;) alert tcp $HOME_NET any -> [188.176.171.3] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.176.171.3/; sid:900511655; rev:1;) alert tcp $HOME_NET any -> [80.12.88.148] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.12.88.148/; sid:900511656; rev:1;) alert tcp $HOME_NET any -> [122.184.143.85] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.184.143.85/; sid:900511667; rev:1;) alert tcp $HOME_NET any -> [68.109.240.71] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.109.240.71/; sid:900511670; rev:1;) alert tcp $HOME_NET any -> [122.184.143.86] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.184.143.86/; sid:900511702; rev:1;) alert tcp $HOME_NET any -> [98.222.212.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.222.212.149/; sid:900511705; rev:1;) alert tcp $HOME_NET any -> [188.79.242.89] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.79.242.89/; sid:900511715; rev:1;) alert tcp $HOME_NET any -> [94.5.98.77] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.5.98.77/; sid:900511717; rev:1;) alert tcp $HOME_NET any -> [85.245.51.95] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.245.51.95/; sid:900511721; rev:1;) alert tcp $HOME_NET any -> [175.156.65.126] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.156.65.126/; sid:900511722; rev:1;) alert tcp $HOME_NET any -> [157.119.85.203] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.119.85.203/; sid:900511724; rev:1;) alert tcp $HOME_NET any -> [84.215.202.8] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.215.202.8/; sid:900511727; rev:1;) alert tcp $HOME_NET any -> [173.176.4.133] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.176.4.133/; sid:900511735; rev:1;) alert tcp $HOME_NET any -> [47.132.248.132] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.132.248.132/; sid:900511736; rev:1;) alert tcp $HOME_NET any -> [72.222.73.150] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.222.73.150/; sid:900511738; rev:1;) alert tcp $HOME_NET any -> [92.149.250.113] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.149.250.113/; sid:900511747; rev:1;) alert tcp $HOME_NET any -> [97.90.245.22] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.90.245.22/; sid:900511749; rev:1;) alert tcp $HOME_NET any -> [192.198.82.59] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.198.82.59/; sid:900511762; rev:1;) alert tcp $HOME_NET any -> [216.210.65.47] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.210.65.47/; sid:900511770; rev:1;) alert tcp $HOME_NET any -> [103.140.174.20] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.140.174.20/; sid:900511773; rev:1;) alert tcp $HOME_NET any -> [172.115.17.50] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.115.17.50/; sid:900511774; rev:1;) alert tcp $HOME_NET any -> [122.186.210.254] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.186.210.254/; sid:900511775; rev:1;) alert tcp $HOME_NET any -> [67.219.197.94] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.219.197.94/; sid:900511777; rev:1;) alert tcp $HOME_NET any -> [71.38.155.217] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.38.155.217/; sid:900511780; rev:1;) alert tcp $HOME_NET any -> [72.134.124.16] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.134.124.16/; sid:900511781; rev:1;) alert tcp $HOME_NET any -> [72.205.104.134] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.205.104.134/; sid:900511782; rev:1;) alert tcp $HOME_NET any -> [124.246.122.199] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.246.122.199/; sid:900511783; rev:1;) alert tcp $HOME_NET any -> [183.82.107.190] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.107.190/; sid:900511787; rev:1;) alert tcp $HOME_NET any -> [90.211.192.113] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.211.192.113/; sid:900511792; rev:1;) alert tcp $HOME_NET any -> [112.222.83.147] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.222.83.147/; sid:900511797; rev:1;) alert tcp $HOME_NET any -> [99.252.190.205] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.252.190.205/; sid:900511801; rev:1;) alert tcp $HOME_NET any -> [74.92.243.115] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.92.243.115/; sid:900511805; rev:1;) alert tcp $HOME_NET any -> [93.150.183.229] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.150.183.229/; sid:900511806; rev:1;) alert tcp $HOME_NET any -> [24.236.90.196] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.236.90.196/; sid:900511807; rev:1;) alert tcp $HOME_NET any -> [96.87.28.170] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.87.28.170/; sid:900511810; rev:1;) alert tcp $HOME_NET any -> [70.112.206.5] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.112.206.5/; sid:900511811; rev:1;) alert tcp $HOME_NET any -> [190.28.74.251] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.28.74.251/; sid:900511824; rev:1;) alert tcp $HOME_NET any -> [47.199.241.39] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.199.241.39/; sid:900511826; rev:1;) alert tcp $HOME_NET any -> [91.160.70.68] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.160.70.68/; sid:900511831; rev:1;) alert tcp $HOME_NET any -> [46.64.171.68] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.64.171.68/; sid:900511833; rev:1;) alert tcp $HOME_NET any -> [68.68.170.218] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.68.170.218/; sid:900511835; rev:1;) alert tcp $HOME_NET any -> [125.99.76.102] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.99.76.102/; sid:900511857; rev:1;) alert tcp $HOME_NET any -> [27.99.32.26] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.99.32.26/; sid:900511858; rev:1;) alert tcp $HOME_NET any -> [176.171.4.107] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.171.4.107/; sid:900511866; rev:1;) alert tcp $HOME_NET any -> [139.226.47.229] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.226.47.229/; sid:900511867; rev:1;) alert tcp $HOME_NET any -> [75.109.111.89] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.109.111.89/; sid:900511872; rev:1;) alert tcp $HOME_NET any -> [186.64.87.204] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.87.204/; sid:900511878; rev:1;) alert tcp $HOME_NET any -> [76.178.148.107] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.178.148.107/; sid:900511885; rev:1;) alert tcp $HOME_NET any -> [47.149.134.231] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.149.134.231/; sid:900511886; rev:1;) alert tcp $HOME_NET any -> [70.28.50.223] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.50.223/; sid:900511892; rev:1;) alert tcp $HOME_NET any -> [70.28.50.223] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.50.223/; sid:900511893; rev:1;) alert tcp $HOME_NET any -> [70.28.50.223] 2087 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.50.223/; sid:900511894; rev:1;) alert tcp $HOME_NET any -> [70.28.50.223] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.50.223/; sid:900511895; rev:1;) alert tcp $HOME_NET any -> [36.152.128.5] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.152.128.5/; sid:900511900; rev:1;) alert tcp $HOME_NET any -> [81.101.185.146] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.101.185.146/; sid:900511901; rev:1;) alert tcp $HOME_NET any -> [100.6.31.96] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.6.31.96/; sid:900511903; rev:1;) alert tcp $HOME_NET any -> [69.123.4.221] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.123.4.221/; sid:900511904; rev:1;) alert tcp $HOME_NET any -> [92.20.199.185] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.20.199.185/; sid:900511905; rev:1;) alert tcp $HOME_NET any -> [27.253.11.10] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.253.11.10/; sid:900511908; rev:1;) alert tcp $HOME_NET any -> [70.28.50.223] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.50.223/; sid:900511920; rev:1;) alert tcp $HOME_NET any -> [82.1.168.218] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.1.168.218/; sid:900511922; rev:1;) alert tcp $HOME_NET any -> [90.70.150.94] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.70.150.94/; sid:900511923; rev:1;) alert tcp $HOME_NET any -> [76.86.31.59] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.86.31.59/; sid:900511935; rev:1;) alert tcp $HOME_NET any -> [41.186.88.38] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.186.88.38/; sid:900511937; rev:1;) alert tcp $HOME_NET any -> [68.229.150.95] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.229.150.95/; sid:900511942; rev:1;) alert tcp $HOME_NET any -> [124.149.143.189] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.149.143.189/; sid:900511943; rev:1;) alert tcp $HOME_NET any -> [103.144.201.56] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.201.56/; sid:900511946; rev:1;) alert tcp $HOME_NET any -> [90.78.147.141] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.78.147.141/; sid:900511947; rev:1;) alert tcp $HOME_NET any -> [209.141.58.129] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.58.129/; sid:900511949; rev:1;) alert tcp $HOME_NET any -> [199.195.249.67] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.195.249.67/; sid:900511950; rev:1;) alert tcp $HOME_NET any -> [86.171.131.244] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.171.131.244/; sid:900511952; rev:1;) alert tcp $HOME_NET any -> [142.11.195.231] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.195.231/; sid:900511962; rev:1;) alert tcp $HOME_NET any -> [81.156.1.223] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.156.1.223/; sid:900511964; rev:1;) alert tcp $HOME_NET any -> [109.153.252.176] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.153.252.176/; sid:900511966; rev:1;) alert tcp $HOME_NET any -> [173.18.122.24] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.18.122.24/; sid:900511969; rev:1;) alert tcp $HOME_NET any -> [85.85.160.57] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.85.160.57/; sid:900511976; rev:1;) alert tcp $HOME_NET any -> [70.26.75.148] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.26.75.148/; sid:900511978; rev:1;) alert tcp $HOME_NET any -> [96.56.197.26] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.56.197.26/; sid:900511983; rev:1;) alert tcp $HOME_NET any -> [96.56.197.26] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.56.197.26/; sid:900511984; rev:1;) alert tcp $HOME_NET any -> [24.139.11.137] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.139.11.137/; sid:900511986; rev:1;) alert tcp $HOME_NET any -> [184.182.66.109] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.182.66.109/; sid:900511987; rev:1;) alert tcp $HOME_NET any -> [70.28.50.223] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.50.223/; sid:900511988; rev:1;) alert tcp $HOME_NET any -> [173.88.135.179] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.88.135.179/; sid:900511989; rev:1;) alert tcp $HOME_NET any -> [90.104.151.37] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.104.151.37/; sid:900511992; rev:1;) alert tcp $HOME_NET any -> [92.9.45.20] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.9.45.20/; sid:900511993; rev:1;) alert tcp $HOME_NET any -> [47.205.25.170] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.205.25.170/; sid:900511994; rev:1;) alert tcp $HOME_NET any -> [176.202.45.209] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.202.45.209/; sid:900511995; rev:1;) alert tcp $HOME_NET any -> [96.56.197.26] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.56.197.26/; sid:900512001; rev:1;) alert tcp $HOME_NET any -> [103.111.70.66] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.111.70.66/; sid:900512004; rev:1;) alert tcp $HOME_NET any -> [103.111.70.66] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.111.70.66/; sid:900512005; rev:1;) alert tcp $HOME_NET any -> [103.87.128.228] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.87.128.228/; sid:900512006; rev:1;) alert tcp $HOME_NET any -> [2.36.64.159] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.36.64.159/; sid:900512007; rev:1;) alert tcp $HOME_NET any -> [119.82.121.87] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.82.121.87/; sid:900512014; rev:1;) alert tcp $HOME_NET any -> [50.5.45.204] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.5.45.204/; sid:900512019; rev:1;) alert tcp $HOME_NET any -> [69.242.31.249] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.242.31.249/; sid:900512021; rev:1;) alert tcp $HOME_NET any -> [86.96.72.175] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.96.72.175/; sid:900512022; rev:1;) alert tcp $HOME_NET any -> [161.142.98.36] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.98.36/; sid:900512023; rev:1;) alert tcp $HOME_NET any -> [151.213.66.34] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.213.66.34/; sid:900512026; rev:1;) alert tcp $HOME_NET any -> [147.147.30.126] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.147.30.126/; sid:900512028; rev:1;) alert tcp $HOME_NET any -> [197.94.78.32] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.94.78.32/; sid:900512033; rev:1;) alert tcp $HOME_NET any -> [85.84.222.49] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.84.222.49/; sid:900512036; rev:1;) alert tcp $HOME_NET any -> [81.159.211.209] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.159.211.209/; sid:900512037; rev:1;) alert tcp $HOME_NET any -> [24.236.90.197] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.236.90.197/; sid:900512040; rev:1;) alert tcp $HOME_NET any -> [89.114.140.100] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.114.140.100/; sid:900512041; rev:1;) alert tcp $HOME_NET any -> [85.49.15.245] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.49.15.245/; sid:900512044; rev:1;) alert tcp $HOME_NET any -> [89.90.151.12] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.90.151.12/; sid:900512045; rev:1;) alert tcp $HOME_NET any -> [173.184.44.185] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.184.44.185/; sid:900512051; rev:1;) alert tcp $HOME_NET any -> [65.94.85.74] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.94.85.74/; sid:900512054; rev:1;) alert tcp $HOME_NET any -> [24.69.137.232] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.69.137.232/; sid:900512056; rev:1;) alert tcp $HOME_NET any -> [198.98.50.197] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.50.197/; sid:900512060; rev:1;) alert tcp $HOME_NET any -> [209.141.46.67] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.46.67/; sid:900512061; rev:1;) alert tcp $HOME_NET any -> [71.104.102.13] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.104.102.13/; sid:900512065; rev:1;) alert tcp $HOME_NET any -> [82.127.153.75] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.127.153.75/; sid:900512067; rev:1;) alert tcp $HOME_NET any -> [151.62.196.56] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.62.196.56/; sid:900512070; rev:1;) alert tcp $HOME_NET any -> [86.250.12.86] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.250.12.86/; sid:900512071; rev:1;) alert tcp $HOME_NET any -> [174.118.68.176] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.118.68.176/; sid:900512074; rev:1;) alert tcp $HOME_NET any -> [46.24.47.206] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.24.47.206/; sid:900512075; rev:1;) alert tcp $HOME_NET any -> [31.50.179.221] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.50.179.221/; sid:900512077; rev:1;) alert tcp $HOME_NET any -> [87.67.214.236] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.67.214.236/; sid:900512079; rev:1;) alert tcp $HOME_NET any -> [92.188.241.102] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.188.241.102/; sid:900512082; rev:1;) alert tcp $HOME_NET any -> [86.140.160.231] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.140.160.231/; sid:900512083; rev:1;) alert tcp $HOME_NET any -> [86.130.9.128] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.128/; sid:900512084; rev:1;) alert tcp $HOME_NET any -> [102.156.133.23] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.133.23/; sid:900512085; rev:1;) alert tcp $HOME_NET any -> [31.53.29.198] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.29.198/; sid:900512086; rev:1;) alert tcp $HOME_NET any -> [102.157.31.224] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.157.31.224/; sid:900512087; rev:1;) alert tcp $HOME_NET any -> [109.218.108.3] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.218.108.3/; sid:900512088; rev:1;) alert tcp $HOME_NET any -> [87.220.204.177] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.220.204.177/; sid:900512089; rev:1;) alert tcp $HOME_NET any -> [92.97.119.138] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.97.119.138/; sid:900512090; rev:1;) alert tcp $HOME_NET any -> [46.24.47.243] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.24.47.243/; sid:900512091; rev:1;) alert tcp $HOME_NET any -> [103.123.223.171] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.123.223.171/; sid:900512092; rev:1;) alert tcp $HOME_NET any -> [78.16.206.86] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.16.206.86/; sid:900512093; rev:1;) alert tcp $HOME_NET any -> [171.96.204.242] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.96.204.242/; sid:900512094; rev:1;) alert tcp $HOME_NET any -> [217.165.234.249] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.234.249/; sid:900512095; rev:1;) alert tcp $HOME_NET any -> [62.35.230.21] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.35.230.21/; sid:900512096; rev:1;) alert tcp $HOME_NET any -> [99.230.89.236] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.230.89.236/; sid:900512097; rev:1;) alert tcp $HOME_NET any -> [193.253.53.157] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.253.53.157/; sid:900512098; rev:1;) alert tcp $HOME_NET any -> [109.50.128.59] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.50.128.59/; sid:900512099; rev:1;) alert tcp $HOME_NET any -> [102.158.70.210] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.158.70.210/; sid:900512100; rev:1;) alert tcp $HOME_NET any -> [99.230.89.236] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.230.89.236/; sid:900512101; rev:1;) alert tcp $HOME_NET any -> [71.78.95.86] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.95.86/; sid:900512102; rev:1;) alert tcp $HOME_NET any -> [77.124.5.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.124.5.149/; sid:900512103; rev:1;) alert tcp $HOME_NET any -> [217.44.108.89] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.44.108.89/; sid:900512104; rev:1;) alert tcp $HOME_NET any -> [109.159.119.82] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.159.119.82/; sid:900512105; rev:1;) alert tcp $HOME_NET any -> [73.0.34.177] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.0.34.177/; sid:900512106; rev:1;) alert tcp $HOME_NET any -> [81.240.235.122] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.240.235.122/; sid:900512107; rev:1;) alert tcp $HOME_NET any -> [151.55.186.41] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.55.186.41/; sid:900512108; rev:1;) alert tcp $HOME_NET any -> [197.2.126.19] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.2.126.19/; sid:900512109; rev:1;) alert tcp $HOME_NET any -> [94.59.122.53] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.122.53/; sid:900512110; rev:1;) alert tcp $HOME_NET any -> [98.19.224.125] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.19.224.125/; sid:900512111; rev:1;) alert tcp $HOME_NET any -> [98.176.5.56] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.176.5.56/; sid:900512112; rev:1;) alert tcp $HOME_NET any -> [220.240.15.200] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.240.15.200/; sid:900512113; rev:1;) alert tcp $HOME_NET any -> [102.157.51.147] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.157.51.147/; sid:900512114; rev:1;) alert tcp $HOME_NET any -> [71.34.185.40] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.34.185.40/; sid:900512115; rev:1;) alert tcp $HOME_NET any -> [197.1.253.66] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.1.253.66/; sid:900512116; rev:1;) alert tcp $HOME_NET any -> [88.168.199.84] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.168.199.84/; sid:900512117; rev:1;) alert tcp $HOME_NET any -> [85.104.105.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.105.67/; sid:900512118; rev:1;) alert tcp $HOME_NET any -> [5.30.216.183] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.30.216.183/; sid:900512119; rev:1;) alert tcp $HOME_NET any -> [202.184.123.13] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.184.123.13/; sid:900512120; rev:1;) alert tcp $HOME_NET any -> [45.32.37.109] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.32.37.109/; sid:900512121; rev:1;) alert tcp $HOME_NET any -> [123.3.240.16] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.3.240.16/; sid:900512122; rev:1;) alert tcp $HOME_NET any -> [85.53.128.200] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.53.128.200/; sid:900512123; rev:1;) alert tcp $HOME_NET any -> [91.82.3.239] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.82.3.239/; sid:900512124; rev:1;) alert tcp $HOME_NET any -> [69.114.91.79] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.114.91.79/; sid:900512125; rev:1;) alert tcp $HOME_NET any -> [63.140.106.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.140.106.180/; sid:900512126; rev:1;) alert tcp $HOME_NET any -> [63.140.106.181] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.140.106.181/; sid:900512127; rev:1;) alert tcp $HOME_NET any -> [76.185.132.46] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.185.132.46/; sid:900512128; rev:1;) alert tcp $HOME_NET any -> [63.140.106.182] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.140.106.182/; sid:900512129; rev:1;) alert tcp $HOME_NET any -> [63.140.106.183] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.140.106.183/; sid:900512130; rev:1;) alert tcp $HOME_NET any -> [207.204.111.236] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.204.111.236/; sid:900512131; rev:1;) alert tcp $HOME_NET any -> [74.12.245.63] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.245.63/; sid:900512132; rev:1;) alert tcp $HOME_NET any -> [76.64.99.251] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.64.99.251/; sid:900512133; rev:1;) alert tcp $HOME_NET any -> [209.243.10.63] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.243.10.63/; sid:900512134; rev:1;) alert tcp $HOME_NET any -> [76.16.49.134] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.16.49.134/; sid:900512135; rev:1;) alert tcp $HOME_NET any -> [12.20.0.235] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.20.0.235/; sid:900512136; rev:1;) alert tcp $HOME_NET any -> [70.118.31.26] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.118.31.26/; sid:900512137; rev:1;) alert tcp $HOME_NET any -> [66.35.125.74] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.35.125.74/; sid:900512138; rev:1;) alert tcp $HOME_NET any -> [70.29.123.54] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.29.123.54/; sid:900512139; rev:1;) alert tcp $HOME_NET any -> [108.190.115.159] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.190.115.159/; sid:900512140; rev:1;) alert tcp $HOME_NET any -> [179.158.101.198] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.158.101.198/; sid:900512141; rev:1;) alert tcp $HOME_NET any -> [188.83.251.100] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.83.251.100/; sid:900512142; rev:1;) alert tcp $HOME_NET any -> [86.98.17.95] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.17.95/; sid:900512143; rev:1;) alert tcp $HOME_NET any -> [67.10.9.125] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.10.9.125/; sid:900512144; rev:1;) alert tcp $HOME_NET any -> [151.65.214.218] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.65.214.218/; sid:900512145; rev:1;) alert tcp $HOME_NET any -> [186.64.67.41] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.41/; sid:900512146; rev:1;) alert tcp $HOME_NET any -> [69.157.243.204] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.157.243.204/; sid:900512147; rev:1;) alert tcp $HOME_NET any -> [67.70.122.196] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.70.122.196/; sid:900512148; rev:1;) alert tcp $HOME_NET any -> [45.2.61.181] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.2.61.181/; sid:900512149; rev:1;) alert tcp $HOME_NET any -> [85.105.207.126] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.207.126/; sid:900512150; rev:1;) alert tcp $HOME_NET any -> [86.130.9.208] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.208/; sid:900512151; rev:1;) alert tcp $HOME_NET any -> [88.249.231.161] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.249.231.161/; sid:900512152; rev:1;) alert tcp $HOME_NET any -> [70.160.67.203] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.160.67.203/; sid:900512153; rev:1;) alert tcp $HOME_NET any -> [2.49.63.193] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.49.63.193/; sid:900512154; rev:1;) alert tcp $HOME_NET any -> [81.224.201.143] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.224.201.143/; sid:900512155; rev:1;) alert tcp $HOME_NET any -> [207.107.71.48] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.107.71.48/; sid:900512156; rev:1;) alert tcp $HOME_NET any -> [207.107.71.50] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.107.71.50/; sid:900512157; rev:1;) alert tcp $HOME_NET any -> [207.107.71.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.107.71.53/; sid:900512158; rev:1;) alert tcp $HOME_NET any -> [207.107.71.52] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.107.71.52/; sid:900512159; rev:1;) alert tcp $HOME_NET any -> [207.107.71.55] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.107.71.55/; sid:900512160; rev:1;) alert tcp $HOME_NET any -> [207.107.118.2] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.107.118.2/; sid:900512161; rev:1;) alert tcp $HOME_NET any -> [41.227.211.88] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.227.211.88/; sid:900512162; rev:1;) alert tcp $HOME_NET any -> [73.41.215.237] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.41.215.237/; sid:900512163; rev:1;) alert tcp $HOME_NET any -> [47.16.75.99] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.16.75.99/; sid:900512164; rev:1;) alert tcp $HOME_NET any -> [207.107.71.51] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.107.71.51/; sid:900512165; rev:1;) alert tcp $HOME_NET any -> [207.107.71.54] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.107.71.54/; sid:900512166; rev:1;) alert tcp $HOME_NET any -> [201.208.135.167] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.208.135.167/; sid:900512167; rev:1;) alert tcp $HOME_NET any -> [70.51.136.238] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.136.238/; sid:900512168; rev:1;) alert tcp $HOME_NET any -> [86.215.62.128] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.215.62.128/; sid:900512169; rev:1;) alert tcp $HOME_NET any -> [173.24.83.160] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.24.83.160/; sid:900512170; rev:1;) alert tcp $HOME_NET any -> [68.14.195.55] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.14.195.55/; sid:900512171; rev:1;) alert tcp $HOME_NET any -> [86.9.70.158] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.9.70.158/; sid:900512172; rev:1;) alert tcp $HOME_NET any -> [197.2.238.177] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.2.238.177/; sid:900512173; rev:1;) alert tcp $HOME_NET any -> [31.190.210.188] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.190.210.188/; sid:900512174; rev:1;) alert tcp $HOME_NET any -> [200.93.26.107] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.93.26.107/; sid:900512175; rev:1;) alert tcp $HOME_NET any -> [105.184.99.42] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.99.42/; sid:900512176; rev:1;) alert tcp $HOME_NET any -> [24.150.188.234] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.150.188.234/; sid:900512177; rev:1;) alert tcp $HOME_NET any -> [66.180.226.58] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.180.226.58/; sid:900512178; rev:1;) alert tcp $HOME_NET any -> [183.87.192.196] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.87.192.196/; sid:900512179; rev:1;) alert tcp $HOME_NET any -> [47.180.84.164] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.180.84.164/; sid:900512180; rev:1;) alert tcp $HOME_NET any -> [151.213.180.225] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.213.180.225/; sid:900512181; rev:1;) alert tcp $HOME_NET any -> [86.222.100.184] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.222.100.184/; sid:900512182; rev:1;) alert tcp $HOME_NET any -> [193.92.84.1] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.92.84.1/; sid:900512183; rev:1;) alert tcp $HOME_NET any -> [174.21.64.35] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.21.64.35/; sid:900512184; rev:1;) alert tcp $HOME_NET any -> [73.207.160.219] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.207.160.219/; sid:900512185; rev:1;) alert tcp $HOME_NET any -> [80.6.50.34] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.6.50.34/; sid:900512186; rev:1;) alert tcp $HOME_NET any -> [87.223.95.250] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.223.95.250/; sid:900512187; rev:1;) alert tcp $HOME_NET any -> [86.156.197.44] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.156.197.44/; sid:900512188; rev:1;) alert tcp $HOME_NET any -> [174.115.175.112] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.115.175.112/; sid:900512189; rev:1;) alert tcp $HOME_NET any -> [78.82.143.154] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.82.143.154/; sid:900512190; rev:1;) alert tcp $HOME_NET any -> [38.2.18.164] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.2.18.164/; sid:900512191; rev:1;) alert tcp $HOME_NET any -> [138.207.135.0] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.207.135.0/; sid:900512192; rev:1;) alert tcp $HOME_NET any -> [190.141.193.170] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.141.193.170/; sid:900512193; rev:1;) alert tcp $HOME_NET any -> [201.130.116.138] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.130.116.138/; sid:900512194; rev:1;) alert tcp $HOME_NET any -> [76.99.61.146] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.99.61.146/; sid:900512195; rev:1;) alert tcp $HOME_NET any -> [109.49.58.125] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.49.58.125/; sid:900512196; rev:1;) alert tcp $HOME_NET any -> [181.4.225.225] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.4.225.225/; sid:900512197; rev:1;) alert tcp $HOME_NET any -> [131.191.58.183] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.191.58.183/; sid:900512198; rev:1;) alert tcp $HOME_NET any -> [171.96.192.178] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.96.192.178/; sid:900512199; rev:1;) alert tcp $HOME_NET any -> [114.143.176.236] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.143.176.236/; sid:900512200; rev:1;) alert tcp $HOME_NET any -> [2.50.16.167] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.16.167/; sid:900512201; rev:1;) alert tcp $HOME_NET any -> [43.243.215.210] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.243.215.210/; sid:900512202; rev:1;) alert tcp $HOME_NET any -> [86.244.255.82] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.244.255.82/; sid:900512203; rev:1;) alert tcp $HOME_NET any -> [2.237.150.131] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.237.150.131/; sid:900512204; rev:1;) alert tcp $HOME_NET any -> [103.141.50.79] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.141.50.79/; sid:900512205; rev:1;) alert tcp $HOME_NET any -> [173.61.50.155] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.61.50.155/; sid:900512206; rev:1;) alert tcp $HOME_NET any -> [69.158.56.94] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.158.56.94/; sid:900512207; rev:1;) alert tcp $HOME_NET any -> [79.47.207.6] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.47.207.6/; sid:900512208; rev:1;) alert tcp $HOME_NET any -> [102.158.154.97] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.158.154.97/; sid:900512209; rev:1;) alert tcp $HOME_NET any -> [173.22.114.208] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.22.114.208/; sid:900512210; rev:1;) alert tcp $HOME_NET any -> [113.11.92.30] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.11.92.30/; sid:900512211; rev:1;) alert tcp $HOME_NET any -> [178.152.124.169] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.152.124.169/; sid:900512212; rev:1;) alert tcp $HOME_NET any -> [207.107.71.49] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.107.71.49/; sid:900512213; rev:1;) alert tcp $HOME_NET any -> [70.53.193.201] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.53.193.201/; sid:900512214; rev:1;) alert tcp $HOME_NET any -> [86.99.48.130] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.99.48.130/; sid:900512215; rev:1;) alert tcp $HOME_NET any -> [186.52.239.187] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.52.239.187/; sid:900512216; rev:1;) alert tcp $HOME_NET any -> [70.28.50.223] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.50.223/; sid:900512217; rev:1;) alert tcp $HOME_NET any -> [86.176.16.18] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.176.16.18/; sid:900512218; rev:1;) alert tcp $HOME_NET any -> [116.74.164.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.74.164.175/; sid:900512219; rev:1;) alert tcp $HOME_NET any -> [37.14.97.206] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.14.97.206/; sid:900512220; rev:1;) alert tcp $HOME_NET any -> [84.216.198.201] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.216.198.201/; sid:900512221; rev:1;) alert tcp $HOME_NET any -> [212.70.98.236] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.70.98.236/; sid:900512222; rev:1;) alert tcp $HOME_NET any -> [109.148.99.224] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.148.99.224/; sid:900512223; rev:1;) alert tcp $HOME_NET any -> [142.189.121.178] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.189.121.178/; sid:900512224; rev:1;) alert tcp $HOME_NET any -> [31.190.225.7] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.190.225.7/; sid:900512225; rev:1;) alert tcp $HOME_NET any -> [70.54.65.197] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.54.65.197/; sid:900512226; rev:1;) alert tcp $HOME_NET any -> [67.177.41.245] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.177.41.245/; sid:900512227; rev:1;) alert tcp $HOME_NET any -> [173.206.84.174] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.206.84.174/; sid:900512228; rev:1;) alert tcp $HOME_NET any -> [73.228.158.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.228.158.175/; sid:900512229; rev:1;) alert tcp $HOME_NET any -> [204.112.31.4] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.112.31.4/; sid:900512230; rev:1;) alert tcp $HOME_NET any -> [98.160.111.18] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.160.111.18/; sid:900512231; rev:1;) alert tcp $HOME_NET any -> [108.32.72.145] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.32.72.145/; sid:900512232; rev:1;) alert tcp $HOME_NET any -> [209.171.160.69] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.171.160.69/; sid:900512233; rev:1;) alert tcp $HOME_NET any -> [74.136.224.98] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.136.224.98/; sid:900512234; rev:1;) alert tcp $HOME_NET any -> [103.113.68.33] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.113.68.33/; sid:900512235; rev:1;) alert tcp $HOME_NET any -> [64.40.4.89] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.40.4.89/; sid:900512236; rev:1;) alert tcp $HOME_NET any -> [40.134.85.217] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.134.85.217/; sid:900512237; rev:1;) alert tcp $HOME_NET any -> [98.19.234.243] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.19.234.243/; sid:900512238; rev:1;) alert tcp $HOME_NET any -> [86.177.199.192] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.177.199.192/; sid:900512239; rev:1;) alert tcp $HOME_NET any -> [79.167.206.93] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.167.206.93/; sid:900512240; rev:1;) alert tcp $HOME_NET any -> [174.21.75.227] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.21.75.227/; sid:900512241; rev:1;) alert tcp $HOME_NET any -> [211.248.50.162] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.248.50.162/; sid:900512242; rev:1;) alert tcp $HOME_NET any -> [45.241.249.37] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.249.37/; sid:900512243; rev:1;) alert tcp $HOME_NET any -> [79.26.184.19] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.26.184.19/; sid:900512244; rev:1;) alert tcp $HOME_NET any -> [83.110.74.222] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.74.222/; sid:900512245; rev:1;) alert tcp $HOME_NET any -> [41.230.168.47] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.230.168.47/; sid:900512246; rev:1;) alert tcp $HOME_NET any -> [47.149.248.80] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.149.248.80/; sid:900512247; rev:1;) alert tcp $HOME_NET any -> [2.14.173.248] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.14.173.248/; sid:900512248; rev:1;) alert tcp $HOME_NET any -> [45.243.150.223] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.243.150.223/; sid:900512249; rev:1;) alert tcp $HOME_NET any -> [103.175.16.119] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.119/; sid:900512250; rev:1;) alert tcp $HOME_NET any -> [213.197.72.89] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.197.72.89/; sid:900512251; rev:1;) alert tcp $HOME_NET any -> [86.130.9.227] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.227/; sid:900512252; rev:1;) alert tcp $HOME_NET any -> [82.7.145.109] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.7.145.109/; sid:900512253; rev:1;) alert tcp $HOME_NET any -> [92.135.0.154] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.135.0.154/; sid:900512254; rev:1;) alert tcp $HOME_NET any -> [91.2.143.185] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.2.143.185/; sid:900512255; rev:1;) alert tcp $HOME_NET any -> [70.50.83.139] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.50.83.139/; sid:900512256; rev:1;) alert tcp $HOME_NET any -> [102.156.218.92] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.218.92/; sid:900512257; rev:1;) alert tcp $HOME_NET any -> [85.104.98.64] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.98.64/; sid:900512258; rev:1;) alert tcp $HOME_NET any -> [116.74.164.93] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.74.164.93/; sid:900512259; rev:1;) alert tcp $HOME_NET any -> [186.75.103.188] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.75.103.188/; sid:900512260; rev:1;) alert tcp $HOME_NET any -> [86.178.33.63] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.178.33.63/; sid:900512261; rev:1;) alert tcp $HOME_NET any -> [200.109.16.12] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.109.16.12/; sid:900512262; rev:1;) alert tcp $HOME_NET any -> [92.98.159.9] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.98.159.9/; sid:900512263; rev:1;) alert tcp $HOME_NET any -> [86.133.51.120] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.133.51.120/; sid:900512264; rev:1;) alert tcp $HOME_NET any -> [80.76.163.212] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.76.163.212/; sid:900512265; rev:1;) alert tcp $HOME_NET any -> [151.51.224.231] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.51.224.231/; sid:900512266; rev:1;) alert tcp $HOME_NET any -> [65.95.141.84] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.95.141.84/; sid:900512267; rev:1;) alert tcp $HOME_NET any -> [68.203.69.96] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.203.69.96/; sid:900512268; rev:1;) alert tcp $HOME_NET any -> [142.79.110.85] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.79.110.85/; sid:900512269; rev:1;) alert tcp $HOME_NET any -> [86.169.48.88] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.169.48.88/; sid:900512270; rev:1;) alert tcp $HOME_NET any -> [51.14.29.227] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.14.29.227/; sid:900512271; rev:1;) alert tcp $HOME_NET any -> [41.62.152.156] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.62.152.156/; sid:900512272; rev:1;) alert tcp $HOME_NET any -> [102.158.201.119] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.158.201.119/; sid:900512273; rev:1;) alert tcp $HOME_NET any -> [37.186.59.197] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.186.59.197/; sid:900512274; rev:1;) alert tcp $HOME_NET any -> [86.128.15.167] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.128.15.167/; sid:900512275; rev:1;) alert tcp $HOME_NET any -> [24.123.46.234] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.123.46.234/; sid:900512276; rev:1;) alert tcp $HOME_NET any -> [201.208.136.202] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.208.136.202/; sid:900512277; rev:1;) alert tcp $HOME_NET any -> [105.101.53.126] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.101.53.126/; sid:900512278; rev:1;) alert tcp $HOME_NET any -> [65.95.141.84] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.95.141.84/; sid:900512279; rev:1;) alert tcp $HOME_NET any -> [184.181.75.148] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.181.75.148/; sid:900512280; rev:1;) alert tcp $HOME_NET any -> [78.19.1.196] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.19.1.196/; sid:900512281; rev:1;) alert tcp $HOME_NET any -> [99.251.67.229] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.251.67.229/; sid:900512282; rev:1;) alert tcp $HOME_NET any -> [142.181.206.222] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.181.206.222/; sid:900512283; rev:1;) alert tcp $HOME_NET any -> [97.80.93.207] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.80.93.207/; sid:900512284; rev:1;) alert tcp $HOME_NET any -> [68.227.249.138] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.227.249.138/; sid:900512285; rev:1;) alert tcp $HOME_NET any -> [85.104.94.30] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.94.30/; sid:900512286; rev:1;) alert tcp $HOME_NET any -> [69.114.94.211] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.114.94.211/; sid:900512287; rev:1;) alert tcp $HOME_NET any -> [2.50.48.191] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.48.191/; sid:900512288; rev:1;) alert tcp $HOME_NET any -> [78.100.242.45] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.242.45/; sid:900512289; rev:1;) alert tcp $HOME_NET any -> [197.92.141.173] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.92.141.173/; sid:900512290; rev:1;) alert tcp $HOME_NET any -> [206.163.237.124] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.163.237.124/; sid:900512291; rev:1;) alert tcp $HOME_NET any -> [86.97.70.4] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.70.4/; sid:900512292; rev:1;) alert tcp $HOME_NET any -> [86.176.152.108] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.176.152.108/; sid:900512293; rev:1;) alert tcp $HOME_NET any -> [92.136.178.51] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.136.178.51/; sid:900512294; rev:1;) alert tcp $HOME_NET any -> [86.176.144.144] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.176.144.144/; sid:900512295; rev:1;) alert tcp $HOME_NET any -> [80.76.163.187] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.76.163.187/; sid:900512296; rev:1;) alert tcp $HOME_NET any -> [67.70.119.49] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.70.119.49/; sid:900512297; rev:1;) alert tcp $HOME_NET any -> [200.93.14.173] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.93.14.173/; sid:900512298; rev:1;) alert tcp $HOME_NET any -> [38.69.136.177] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.69.136.177/; sid:900512299; rev:1;) alert tcp $HOME_NET any -> [2.14.104.108] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.14.104.108/; sid:900512300; rev:1;) alert tcp $HOME_NET any -> [73.226.175.11] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.226.175.11/; sid:900512301; rev:1;) alert tcp $HOME_NET any -> [89.36.206.188] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.36.206.188/; sid:900512302; rev:1;) alert tcp $HOME_NET any -> [31.53.29.136] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.29.136/; sid:900512303; rev:1;) alert tcp $HOME_NET any -> [190.11.198.77] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.11.198.77/; sid:900512304; rev:1;) alert tcp $HOME_NET any -> [83.110.223.61] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.223.61/; sid:900512305; rev:1;) alert tcp $HOME_NET any -> [194.135.33.160] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.135.33.160/; sid:900512306; rev:1;) alert tcp $HOME_NET any -> [91.235.234.199] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.234.199/; sid:900512307; rev:1;) alert tcp $HOME_NET any -> [192.236.233.8] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.233.8/; sid:900512308; rev:1;) alert tcp $HOME_NET any -> [205.185.119.60] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.185.119.60/; sid:900512309; rev:1;) alert tcp $HOME_NET any -> [142.11.193.243] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.193.243/; sid:900512310; rev:1;) alert tcp $HOME_NET any -> [92.119.178.40] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.119.178.40/; sid:900512311; rev:1;) alert tcp $HOME_NET any -> [103.175.16.151] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.151/; sid:900512312; rev:1;) alert tcp $HOME_NET any -> [190.11.198.78] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.11.198.78/; sid:900512313; rev:1;) alert tcp $HOME_NET any -> [79.168.224.165] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.168.224.165/; sid:900512314; rev:1;) alert tcp $HOME_NET any -> [24.198.114.130] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.198.114.130/; sid:900512315; rev:1;) alert tcp $HOME_NET any -> [213.64.33.61] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.64.33.61/; sid:900512316; rev:1;) alert tcp $HOME_NET any -> [66.180.226.67] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.180.226.67/; sid:900512317; rev:1;) alert tcp $HOME_NET any -> [223.166.13.95] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/223.166.13.95/; sid:900512318; rev:1;) alert tcp $HOME_NET any -> [70.50.1.252] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.50.1.252/; sid:900512319; rev:1;) alert tcp $HOME_NET any -> [103.141.50.43] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.141.50.43/; sid:900512320; rev:1;) alert tcp $HOME_NET any -> [90.164.29.160] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.164.29.160/; sid:900512321; rev:1;) alert tcp $HOME_NET any -> [68.68.162.18] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.68.162.18/; sid:900512322; rev:1;) alert tcp $HOME_NET any -> [70.29.123.104] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.29.123.104/; sid:900512323; rev:1;) alert tcp $HOME_NET any -> [86.132.236.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.132.236.117/; sid:900512324; rev:1;) alert tcp $HOME_NET any -> [151.21.131.118] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.21.131.118/; sid:900512325; rev:1;) alert tcp $HOME_NET any -> [47.16.75.156] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.16.75.156/; sid:900512326; rev:1;) alert tcp $HOME_NET any -> [45.246.236.229] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.246.236.229/; sid:900512327; rev:1;) alert tcp $HOME_NET any -> [92.97.115.117] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.97.115.117/; sid:900512328; rev:1;) alert tcp $HOME_NET any -> [220.240.164.182] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.240.164.182/; sid:900512329; rev:1;) alert tcp $HOME_NET any -> [69.159.157.194] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.159.157.194/; sid:900512330; rev:1;) alert tcp $HOME_NET any -> [197.161.134.140] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.161.134.140/; sid:900512331; rev:1;) alert tcp $HOME_NET any -> [197.204.93.169] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.204.93.169/; sid:900512332; rev:1;) alert tcp $HOME_NET any -> [75.90.81.22] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.90.81.22/; sid:900512333; rev:1;) alert tcp $HOME_NET any -> [129.153.135.83] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.153.135.83/; sid:900512334; rev:1;) alert tcp $HOME_NET any -> [132.148.79.222] 2222 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.148.79.222/; sid:900512335; rev:1;) alert tcp $HOME_NET any -> [45.154.24.57] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.154.24.57/; sid:900512336; rev:1;) alert tcp $HOME_NET any -> [45.85.235.39] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.85.235.39/; sid:900512337; rev:1;) alert tcp $HOME_NET any -> [129.153.22.231] 32999 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.153.22.231/; sid:900512338; rev:1;) alert tcp $HOME_NET any -> [129.213.54.49] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.213.54.49/; sid:900512339; rev:1;) alert tcp $HOME_NET any -> [129.80.164.200] 32999 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.80.164.200/; sid:900512340; rev:1;) alert tcp $HOME_NET any -> [144.172.126.136] 2222 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.172.126.136/; sid:900512341; rev:1;) alert tcp $HOME_NET any -> [185.87.148.132] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.87.148.132/; sid:900512342; rev:1;) alert tcp $HOME_NET any -> [193.122.200.171] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.122.200.171/; sid:900512343; rev:1;) alert tcp $HOME_NET any -> [192.9.135.73] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.9.135.73/; sid:900512344; rev:1;) alert tcp $HOME_NET any -> [132.148.73.117] 2222 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.148.73.117/; sid:900512345; rev:1;) alert tcp $HOME_NET any -> [89.116.131.40] 2222 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.116.131.40/; sid:900512346; rev:1;) alert tcp $HOME_NET any -> [209.140.8.14] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.140.8.14/; sid:900512347; rev:1;) alert tcp $HOME_NET any -> [161.142.103.148] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.103.148/; sid:900512348; rev:1;) alert tcp $HOME_NET any -> [107.189.6.147] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.189.6.147/; sid:900512349; rev:1;) alert tcp $HOME_NET any -> [199.195.251.244] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.195.251.244/; sid:900512350; rev:1;) alert tcp $HOME_NET any -> [200.44.192.169] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.44.192.169/; sid:900512351; rev:1;) alert tcp $HOME_NET any -> [185.164.186.150] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.186.150/; sid:900512352; rev:1;) alert tcp $HOME_NET any -> [35.143.97.141] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/35.143.97.141/; sid:900512353; rev:1;) alert tcp $HOME_NET any -> [105.102.98.225] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.102.98.225/; sid:900512354; rev:1;) alert tcp $HOME_NET any -> [86.248.228.57] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.248.228.57/; sid:900512355; rev:1;) alert tcp $HOME_NET any -> [142.196.109.179] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.196.109.179/; sid:900512356; rev:1;) alert tcp $HOME_NET any -> [186.64.67.5] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.5/; sid:900512357; rev:1;) alert tcp $HOME_NET any -> [212.169.233.141] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.169.233.141/; sid:900512358; rev:1;) alert tcp $HOME_NET any -> [102.159.61.87] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.159.61.87/; sid:900512359; rev:1;) alert tcp $HOME_NET any -> [197.1.147.157] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.1.147.157/; sid:900512360; rev:1;) alert tcp $HOME_NET any -> [186.75.95.6] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.75.95.6/; sid:900512361; rev:1;) alert tcp $HOME_NET any -> [90.1.23.9] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.1.23.9/; sid:900512362; rev:1;) alert tcp $HOME_NET any -> [41.227.190.59] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.227.190.59/; sid:900512363; rev:1;) alert tcp $HOME_NET any -> [190.249.250.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.249.250.149/; sid:900512364; rev:1;) alert tcp $HOME_NET any -> [94.207.104.225] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.207.104.225/; sid:900512365; rev:1;) alert tcp $HOME_NET any -> [103.123.223.133] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.123.223.133/; sid:900512366; rev:1;) alert tcp $HOME_NET any -> [193.80.73.200] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.80.73.200/; sid:900512367; rev:1;) alert tcp $HOME_NET any -> [31.17.195.13] 8443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.17.195.13/; sid:900512368; rev:1;) alert tcp $HOME_NET any -> [41.62.219.235] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.62.219.235/; sid:900512369; rev:1;) alert tcp $HOME_NET any -> [203.109.44.236] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.109.44.236/; sid:900512370; rev:1;) alert tcp $HOME_NET any -> [142.118.221.248] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.118.221.248/; sid:900512371; rev:1;) alert tcp $HOME_NET any -> [23.191.129.153] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.191.129.153/; sid:900512372; rev:1;) alert tcp $HOME_NET any -> [41.228.201.107] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.228.201.107/; sid:900512373; rev:1;) alert tcp $HOME_NET any -> [86.178.33.62] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.178.33.62/; sid:900512374; rev:1;) alert tcp $HOME_NET any -> [151.62.42.163] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.62.42.163/; sid:900512375; rev:1;) alert tcp $HOME_NET any -> [90.29.86.138] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.29.86.138/; sid:900512376; rev:1;) alert tcp $HOME_NET any -> [176.241.61.213] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.241.61.213/; sid:900512377; rev:1;) alert tcp $HOME_NET any -> [101.184.170.38] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.184.170.38/; sid:900512378; rev:1;) alert tcp $HOME_NET any -> [151.62.35.45] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.62.35.45/; sid:900512379; rev:1;) alert tcp $HOME_NET any -> [86.130.9.242] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.242/; sid:900512380; rev:1;) alert tcp $HOME_NET any -> [95.45.50.93] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.45.50.93/; sid:900512381; rev:1;) alert tcp $HOME_NET any -> [197.1.196.34] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.1.196.34/; sid:900512382; rev:1;) alert tcp $HOME_NET any -> [76.185.109.16] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.185.109.16/; sid:900512383; rev:1;) alert tcp $HOME_NET any -> [86.97.52.82] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.52.82/; sid:900512384; rev:1;) alert tcp $HOME_NET any -> [116.74.164.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.74.164.53/; sid:900512385; rev:1;) alert tcp $HOME_NET any -> [205.237.67.69] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.237.67.69/; sid:900512386; rev:1;) alert tcp $HOME_NET any -> [105.101.83.60] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.101.83.60/; sid:900512387; rev:1;) alert tcp $HOME_NET any -> [66.35.125.199] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.35.125.199/; sid:900512388; rev:1;) alert tcp $HOME_NET any -> [190.199.228.254] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.199.228.254/; sid:900512389; rev:1;) alert tcp $HOME_NET any -> [78.87.244.147] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.87.244.147/; sid:900512390; rev:1;) alert tcp $HOME_NET any -> [154.20.252.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.20.252.31/; sid:900512391; rev:1;) alert tcp $HOME_NET any -> [41.228.57.242] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.228.57.242/; sid:900512392; rev:1;) alert tcp $HOME_NET any -> [104.245.157.114] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.245.157.114/; sid:900512393; rev:1;) alert tcp $HOME_NET any -> [90.7.72.46] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.7.72.46/; sid:900512394; rev:1;) alert tcp $HOME_NET any -> [67.21.33.208] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.21.33.208/; sid:900512395; rev:1;) alert tcp $HOME_NET any -> [70.48.46.235] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.48.46.235/; sid:900512396; rev:1;) alert tcp $HOME_NET any -> [78.160.146.127] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.160.146.127/; sid:900512397; rev:1;) alert tcp $HOME_NET any -> [105.101.34.87] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.101.34.87/; sid:900512398; rev:1;) alert tcp $HOME_NET any -> [66.180.234.51] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.180.234.51/; sid:900512399; rev:1;) alert tcp $HOME_NET any -> [190.75.158.216] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.75.158.216/; sid:900512400; rev:1;) alert tcp $HOME_NET any -> [89.36.206.69] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.36.206.69/; sid:900512401; rev:1;) alert tcp $HOME_NET any -> [161.142.103.187] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.103.187/; sid:900512402; rev:1;) alert tcp $HOME_NET any -> [91.134.126.43] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.134.126.43/; sid:900512403; rev:1;) alert tcp $HOME_NET any -> [85.215.162.167] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.215.162.167/; sid:900512404; rev:1;) alert tcp $HOME_NET any -> [154.80.229.112] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.80.229.112/; sid:900512405; rev:1;) alert tcp $HOME_NET any -> [103.151.20.137] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.151.20.137/; sid:900512406; rev:1;) alert tcp $HOME_NET any -> [197.0.76.189] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.0.76.189/; sid:900512407; rev:1;) alert tcp $HOME_NET any -> [105.101.60.253] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.101.60.253/; sid:900512408; rev:1;) alert tcp $HOME_NET any -> [209.141.57.123] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.57.123/; sid:900512409; rev:1;) alert tcp $HOME_NET any -> [154.80.229.105] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.80.229.105/; sid:900512410; rev:1;) alert tcp $HOME_NET any -> [174.118.54.57] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.118.54.57/; sid:900512411; rev:1;) alert tcp $HOME_NET any -> [190.199.152.233] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.199.152.233/; sid:900512412; rev:1;) alert tcp $HOME_NET any -> [86.98.22.242] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.22.242/; sid:900512413; rev:1;) alert tcp $HOME_NET any -> [186.64.67.30] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.30/; sid:900512414; rev:1;) alert tcp $HOME_NET any -> [154.80.229.76] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.80.229.76/; sid:900512415; rev:1;) alert tcp $HOME_NET any -> [151.62.238.176] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.62.238.176/; sid:900512416; rev:1;) alert tcp $HOME_NET any -> [109.150.179.202] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.150.179.202/; sid:900512417; rev:1;) alert tcp $HOME_NET any -> [31.190.73.114] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.190.73.114/; sid:900512418; rev:1;) alert tcp $HOME_NET any -> [82.125.44.236] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.125.44.236/; sid:900512419; rev:1;) alert tcp $HOME_NET any -> [86.176.157.39] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.176.157.39/; sid:900512420; rev:1;) alert tcp $HOME_NET any -> [85.57.212.13] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.57.212.13/; sid:900512421; rev:1;) alert tcp $HOME_NET any -> [124.122.47.148] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.122.47.148/; sid:900512422; rev:1;) alert tcp $HOME_NET any -> [102.159.188.125] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.159.188.125/; sid:900512423; rev:1;) alert tcp $HOME_NET any -> [82.131.141.209] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.131.141.209/; sid:900512424; rev:1;) alert tcp $HOME_NET any -> [86.97.55.89] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.55.89/; sid:900512425; rev:1;) alert tcp $HOME_NET any -> [69.158.122.202] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.158.122.202/; sid:900512426; rev:1;) alert tcp $HOME_NET any -> [67.177.42.38] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.177.42.38/; sid:900512427; rev:1;) # END 662 entries