################################################################
# abuse.ch Feodo Tracker Suricata / Snort Ruleset              #
# Last updated: 2021-06-19 16:16:03 UTC                        #
#                                                              #
# Terms Of Use: https://feodotracker.abuse.ch/blocklist/       #
# For questions please contact feodotracker [at] abuse.ch      #
################################################################
#
alert tcp $HOME_NET any -> [67.213.75.205] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.213.75.205/; sid:900505001; rev:1;)
alert tcp $HOME_NET any -> [51.178.161.32] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.178.161.32/; sid:900505003; rev:1;)
alert tcp $HOME_NET any -> [194.58.98.196] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.58.98.196/; sid:900505004; rev:1;)
alert tcp $HOME_NET any -> [93.186.200.154] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.186.200.154/; sid:900505009; rev:1;)
alert tcp $HOME_NET any -> [162.144.127.197] 3786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.127.197/; sid:900505010; rev:1;)
alert tcp $HOME_NET any -> [111.230.104.169] 3388 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.230.104.169/; sid:900505029; rev:1;)
alert tcp $HOME_NET any -> [217.79.184.243] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.79.184.243/; sid:900505030; rev:1;)
alert tcp $HOME_NET any -> [82.165.152.127] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.165.152.127/; sid:900505038; rev:1;)
alert tcp $HOME_NET any -> [104.131.164.93] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.164.93/; sid:900505045; rev:1;)
alert tcp $HOME_NET any -> [46.101.90.205] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.90.205/; sid:900505046; rev:1;)
alert tcp $HOME_NET any -> [123.206.58.135] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.206.58.135/; sid:900505047; rev:1;)
alert tcp $HOME_NET any -> [78.47.139.43] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.47.139.43/; sid:900505056; rev:1;)
alert tcp $HOME_NET any -> [103.40.116.68] 5443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.40.116.68/; sid:900505063; rev:1;)
alert tcp $HOME_NET any -> [178.254.22.25] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.22.25/; sid:900505069; rev:1;)
alert tcp $HOME_NET any -> [209.59.199.129] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.59.199.129/; sid:900505072; rev:1;)
alert tcp $HOME_NET any -> [54.38.143.246] 691 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.143.246/; sid:900505073; rev:1;)
alert tcp $HOME_NET any -> [153.122.13.133] 1443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.122.13.133/; sid:900505074; rev:1;)
alert tcp $HOME_NET any -> [142.93.181.37] 981 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.181.37/; sid:900505075; rev:1;)
alert tcp $HOME_NET any -> [92.38.128.47] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.128.47/; sid:900505076; rev:1;)
alert tcp $HOME_NET any -> [193.90.12.121] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.90.12.121/; sid:900505084; rev:1;)
alert tcp $HOME_NET any -> [175.126.167.148] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.126.167.148/; sid:900505088; rev:1;)
alert tcp $HOME_NET any -> [185.59.223.86] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.59.223.86/; sid:900505090; rev:1;)
alert tcp $HOME_NET any -> [52.73.70.149] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/52.73.70.149/; sid:900505098; rev:1;)
alert tcp $HOME_NET any -> [217.160.78.166] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.78.166/; sid:900505104; rev:1;)
alert tcp $HOME_NET any -> [36.89.191.119] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.191.119/; sid:900505108; rev:1;)
alert tcp $HOME_NET any -> [103.150.68.124] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.150.68.124/; sid:900505113; rev:1;)
alert tcp $HOME_NET any -> [23.160.193.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.193.106/; sid:900505123; rev:1;)
alert tcp $HOME_NET any -> [36.89.193.181] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.193.181/; sid:900505136; rev:1;)
alert tcp $HOME_NET any -> [211.110.44.63] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.110.44.63/; sid:900505176; rev:1;)
alert tcp $HOME_NET any -> [45.33.94.33] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.94.33/; sid:900505379; rev:1;)
alert tcp $HOME_NET any -> [97.107.127.161] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.107.127.161/; sid:900505381; rev:1;)
alert tcp $HOME_NET any -> [158.69.118.130] 1443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.69.118.130/; sid:900505382; rev:1;)
alert tcp $HOME_NET any -> [142.44.247.57] 4043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.44.247.57/; sid:900505384; rev:1;)
alert tcp $HOME_NET any -> [185.181.9.76] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.181.9.76/; sid:900505419; rev:1;)
alert tcp $HOME_NET any -> [175.207.13.56] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.207.13.56/; sid:900505420; rev:1;)
alert tcp $HOME_NET any -> [192.99.41.136] 981 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.99.41.136/; sid:900505425; rev:1;)
alert tcp $HOME_NET any -> [97.107.127.227] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.107.127.227/; sid:900505430; rev:1;)
alert tcp $HOME_NET any -> [185.184.25.235] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.184.25.235/; sid:900505432; rev:1;)
alert tcp $HOME_NET any -> [177.87.0.7] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.87.0.7/; sid:900505441; rev:1;)
alert tcp $HOME_NET any -> [36.89.193.235] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.193.235/; sid:900505443; rev:1;)
alert tcp $HOME_NET any -> [200.142.124.146] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.142.124.146/; sid:900505450; rev:1;)
alert tcp $HOME_NET any -> [45.234.248.154] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.234.248.154/; sid:900505462; rev:1;)
alert tcp $HOME_NET any -> [45.201.134.202] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.201.134.202/; sid:900505464; rev:1;)
alert tcp $HOME_NET any -> [159.224.167.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.224.167.102/; sid:900505471; rev:1;)
alert tcp $HOME_NET any -> [178.128.83.165] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.83.165/; sid:900505482; rev:1;)
alert tcp $HOME_NET any -> [173.203.78.138] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.203.78.138/; sid:900505502; rev:1;)
alert tcp $HOME_NET any -> [217.160.107.189] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.107.189/; sid:900505503; rev:1;)
alert tcp $HOME_NET any -> [185.234.72.84] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.234.72.84/; sid:900505517; rev:1;)
alert tcp $HOME_NET any -> [198.1.115.153] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.1.115.153/; sid:900505518; rev:1;)
alert tcp $HOME_NET any -> [209.20.87.138] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.20.87.138/; sid:900505519; rev:1;)
alert tcp $HOME_NET any -> [151.236.29.248] 6516 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.236.29.248/; sid:900505520; rev:1;)
alert tcp $HOME_NET any -> [162.13.114.59] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.13.114.59/; sid:900505527; rev:1;)
alert tcp $HOME_NET any -> [37.187.115.122] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.115.122/; sid:900505528; rev:1;)
alert tcp $HOME_NET any -> [5.182.210.132] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.132/; sid:900505536; rev:1;)
alert tcp $HOME_NET any -> [209.151.236.42] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.151.236.42/; sid:900505558; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.146] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.146/; sid:900505590; rev:1;)
alert tcp $HOME_NET any -> [121.199.35.69] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.199.35.69/; sid:900505596; rev:1;)
alert tcp $HOME_NET any -> [85.88.174.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.88.174.94/; sid:900505598; rev:1;)
alert tcp $HOME_NET any -> [216.10.242.142] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.10.242.142/; sid:900505603; rev:1;)
alert tcp $HOME_NET any -> [103.73.102.174] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.73.102.174/; sid:900505607; rev:1;)
alert tcp $HOME_NET any -> [111.235.66.83] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.235.66.83/; sid:900505610; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.186] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.186/; sid:900505612; rev:1;)
alert tcp $HOME_NET any -> [62.64.9.237] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.64.9.237/; sid:900505613; rev:1;)
alert tcp $HOME_NET any -> [94.74.133.76] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.74.133.76/; sid:900505616; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.135] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.135/; sid:900505618; rev:1;)
alert tcp $HOME_NET any -> [144.76.42.74] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.76.42.74/; sid:900505626; rev:1;)
alert tcp $HOME_NET any -> [153.126.203.229] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.126.203.229/; sid:900505629; rev:1;)
alert tcp $HOME_NET any -> [195.210.28.233] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.210.28.233/; sid:900505632; rev:1;)
alert tcp $HOME_NET any -> [62.75.168.152] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.168.152/; sid:900505634; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.137] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.137/; sid:900505641; rev:1;)
alert tcp $HOME_NET any -> [199.204.214.26] 7073 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.204.214.26/; sid:900505642; rev:1;)
alert tcp $HOME_NET any -> [5.182.210.254] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.254/; sid:900505646; rev:1;)
alert tcp $HOME_NET any -> [37.247.35.130] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.247.35.130/; sid:900505648; rev:1;)
alert tcp $HOME_NET any -> [103.18.108.116] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.18.108.116/; sid:900505649; rev:1;)
alert tcp $HOME_NET any -> [216.177.161.118] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.177.161.118/; sid:900505655; rev:1;)
alert tcp $HOME_NET any -> [108.55.14.158] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.55.14.158/; sid:900505667; rev:1;)
alert tcp $HOME_NET any -> [103.6.213.203] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.6.213.203/; sid:900505668; rev:1;)
alert tcp $HOME_NET any -> [195.8.114.137] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.8.114.137/; sid:900505680; rev:1;)
alert tcp $HOME_NET any -> [45.167.249.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.167.249.126/; sid:900505684; rev:1;)
alert tcp $HOME_NET any -> [45.229.71.211] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.229.71.211/; sid:900505687; rev:1;)
alert tcp $HOME_NET any -> [18.195.23.231] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/18.195.23.231/; sid:900505688; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.141] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.141/; sid:900505691; rev:1;)
alert tcp $HOME_NET any -> [185.229.225.1] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.229.225.1/; sid:900505695; rev:1;)
alert tcp $HOME_NET any -> [159.8.59.84] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.8.59.84/; sid:900505699; rev:1;)
alert tcp $HOME_NET any -> [216.10.251.121] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.10.251.121/; sid:900505702; rev:1;)
alert tcp $HOME_NET any -> [162.241.54.59] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.54.59/; sid:900505711; rev:1;)
alert tcp $HOME_NET any -> [45.58.56.12] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.58.56.12/; sid:900505712; rev:1;)
alert tcp $HOME_NET any -> [51.91.76.89] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.91.76.89/; sid:900505713; rev:1;)
alert tcp $HOME_NET any -> [5.59.205.32] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.59.205.32/; sid:900505715; rev:1;)
alert tcp $HOME_NET any -> [80.211.33.13] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.211.33.13/; sid:900505722; rev:1;)
alert tcp $HOME_NET any -> [185.148.168.220] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.168.220/; sid:900505724; rev:1;)
alert tcp $HOME_NET any -> [188.18.7.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.18.7.133/; sid:900505725; rev:1;)
alert tcp $HOME_NET any -> [63.249.67.70] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.249.67.70/; sid:900505726; rev:1;)
alert tcp $HOME_NET any -> [131.100.24.199] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.199/; sid:900505727; rev:1;)
alert tcp $HOME_NET any -> [94.28.78.200] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.28.78.200/; sid:900505729; rev:1;)
alert tcp $HOME_NET any -> [202.131.227.226] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.131.227.226/; sid:900505732; rev:1;)
alert tcp $HOME_NET any -> [72.249.22.245] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.249.22.245/; sid:900505763; rev:1;)
alert tcp $HOME_NET any -> [8.210.53.215] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.210.53.215/; sid:900505764; rev:1;)
alert tcp $HOME_NET any -> [87.97.178.92] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.97.178.92/; sid:900505766; rev:1;)
alert tcp $HOME_NET any -> [62.75.251.60] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.251.60/; sid:900505771; rev:1;)
alert tcp $HOME_NET any -> [185.148.168.25] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.168.25/; sid:900505772; rev:1;)
alert tcp $HOME_NET any -> [131.100.24.230] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.230/; sid:900505775; rev:1;)
alert tcp $HOME_NET any -> [51.91.156.39] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.91.156.39/; sid:900505777; rev:1;)
alert tcp $HOME_NET any -> [67.196.50.240] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.196.50.240/; sid:900505778; rev:1;)
alert tcp $HOME_NET any -> [154.79.244.182] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.79.244.182/; sid:900505780; rev:1;)
alert tcp $HOME_NET any -> [131.0.112.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.0.112.122/; sid:900505781; rev:1;)
alert tcp $HOME_NET any -> [178.134.47.166] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.134.47.166/; sid:900505784; rev:1;)
alert tcp $HOME_NET any -> [154.79.245.158] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.79.245.158/; sid:900505785; rev:1;)
alert tcp $HOME_NET any -> [154.79.251.172] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.79.251.172/; sid:900505786; rev:1;)
alert tcp $HOME_NET any -> [178.72.192.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.72.192.20/; sid:900505787; rev:1;)
alert tcp $HOME_NET any -> [158.181.179.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.181.179.229/; sid:900505788; rev:1;)
alert tcp $HOME_NET any -> [185.148.168.240] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.168.240/; sid:900505797; rev:1;)
alert tcp $HOME_NET any -> [195.9.232.252] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.9.232.252/; sid:900505801; rev:1;)
alert tcp $HOME_NET any -> [193.47.240.8] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.47.240.8/; sid:900505804; rev:1;)
alert tcp $HOME_NET any -> [153.126.165.175] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.126.165.175/; sid:900505805; rev:1;)
alert tcp $HOME_NET any -> [178.254.33.197] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.33.197/; sid:900505808; rev:1;)
alert tcp $HOME_NET any -> [167.114.113.13] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.114.113.13/; sid:900505813; rev:1;)
alert tcp $HOME_NET any -> [45.55.134.126] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.134.126/; sid:900505816; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.183] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.183/; sid:900505822; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.176] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.176/; sid:900505823; rev:1;)
alert tcp $HOME_NET any -> [37.34.58.210] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.34.58.210/; sid:900505824; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.179] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.179/; sid:900505825; rev:1;)
alert tcp $HOME_NET any -> [131.100.24.215] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.215/; sid:900505827; rev:1;)
alert tcp $HOME_NET any -> [146.185.170.249] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.170.249/; sid:900505828; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.182] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.182/; sid:900505829; rev:1;)
alert tcp $HOME_NET any -> [131.100.24.231] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.231/; sid:900505831; rev:1;)
alert tcp $HOME_NET any -> [188.40.137.206] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.40.137.206/; sid:900505833; rev:1;)
alert tcp $HOME_NET any -> [131.100.24.217] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.217/; sid:900505834; rev:1;)
alert tcp $HOME_NET any -> [103.9.77.211] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.9.77.211/; sid:900505835; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.169] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.169/; sid:900505836; rev:1;)
alert tcp $HOME_NET any -> [94.247.168.64] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.247.168.64/; sid:900505837; rev:1;)
alert tcp $HOME_NET any -> [162.144.34.234] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.34.234/; sid:900505838; rev:1;)
alert tcp $HOME_NET any -> [162.144.76.184] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.76.184/; sid:900505839; rev:1;)
alert tcp $HOME_NET any -> [198.20.253.36] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.20.253.36/; sid:900505840; rev:1;)
alert tcp $HOME_NET any -> [159.8.59.82] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.8.59.82/; sid:900505841; rev:1;)
alert tcp $HOME_NET any -> [66.113.160.126] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.113.160.126/; sid:900505842; rev:1;)
alert tcp $HOME_NET any -> [95.138.161.226] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.138.161.226/; sid:900505843; rev:1;)
alert tcp $HOME_NET any -> [131.100.24.202] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.202/; sid:900505844; rev:1;)
alert tcp $HOME_NET any -> [203.114.109.124] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.114.109.124/; sid:900505854; rev:1;)
alert tcp $HOME_NET any -> [94.177.255.18] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.255.18/; sid:900505855; rev:1;)
alert tcp $HOME_NET any -> [91.191.172.125] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.191.172.125/; sid:900505856; rev:1;)
alert tcp $HOME_NET any -> [218.38.136.5] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.38.136.5/; sid:900505857; rev:1;)
alert tcp $HOME_NET any -> [194.5.249.143] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.143/; sid:900505860; rev:1;)
alert tcp $HOME_NET any -> [82.209.17.209] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.209.17.209/; sid:900505863; rev:1;)
alert tcp $HOME_NET any -> [43.229.206.212] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.229.206.212/; sid:900505864; rev:1;)
alert tcp $HOME_NET any -> [1.234.20.244] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.234.20.244/; sid:900505866; rev:1;)
alert tcp $HOME_NET any -> [45.123.40.54] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.123.40.54/; sid:900505867; rev:1;)
alert tcp $HOME_NET any -> [180.250.21.2] 13721 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.250.21.2/; sid:900505868; rev:1;)
alert tcp $HOME_NET any -> [1.234.21.73] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.234.21.73/; sid:900505871; rev:1;)
alert tcp $HOME_NET any -> [178.128.23.9] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.23.9/; sid:900505872; rev:1;)
alert tcp $HOME_NET any -> [77.72.145.112] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.72.145.112/; sid:900505875; rev:1;)
alert tcp $HOME_NET any -> [192.163.233.216] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.163.233.216/; sid:900505877; rev:1;)
alert tcp $HOME_NET any -> [43.229.206.244] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.229.206.244/; sid:900505878; rev:1;)
alert tcp $HOME_NET any -> [162.241.41.92] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.41.92/; sid:900505883; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.187] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.187/; sid:900505885; rev:1;)
alert tcp $HOME_NET any -> [185.183.159.100] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.159.100/; sid:900505886; rev:1;)
alert tcp $HOME_NET any -> [185.80.92.160] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.80.92.160/; sid:900505898; rev:1;)
alert tcp $HOME_NET any -> [103.253.145.28] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.253.145.28/; sid:900505899; rev:1;)
alert tcp $HOME_NET any -> [180.250.21.5] 13721 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.250.21.5/; sid:900505900; rev:1;)
alert tcp $HOME_NET any -> [197.254.14.238] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.254.14.238/; sid:900505901; rev:1;)
alert tcp $HOME_NET any -> [144.48.139.206] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.48.139.206/; sid:900505902; rev:1;)
alert tcp $HOME_NET any -> [27.72.107.215] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.72.107.215/; sid:900505903; rev:1;)
alert tcp $HOME_NET any -> [201.23.76.18] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.23.76.18/; sid:900505904; rev:1;)
alert tcp $HOME_NET any -> [185.189.55.207] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.189.55.207/; sid:900505905; rev:1;)
alert tcp $HOME_NET any -> [196.43.106.38] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.43.106.38/; sid:900505906; rev:1;)
alert tcp $HOME_NET any -> [190.110.179.139] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.110.179.139/; sid:900505907; rev:1;)
alert tcp $HOME_NET any -> [37.228.70.134] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.70.134/; sid:900505908; rev:1;)
alert tcp $HOME_NET any -> [185.9.187.10] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.9.187.10/; sid:900505909; rev:1;)
alert tcp $HOME_NET any -> [91.235.129.79] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.79/; sid:900505910; rev:1;)
alert tcp $HOME_NET any -> [128.199.182.253] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.182.253/; sid:900505911; rev:1;)
alert tcp $HOME_NET any -> [14.241.244.60] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.241.244.60/; sid:900505912; rev:1;)
alert tcp $HOME_NET any -> [196.41.57.46] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.41.57.46/; sid:900505914; rev:1;)
alert tcp $HOME_NET any -> [103.164.180.66] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.164.180.66/; sid:900505915; rev:1;)
alert tcp $HOME_NET any -> [109.207.165.40] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.207.165.40/; sid:900505916; rev:1;)
alert tcp $HOME_NET any -> [212.200.25.118] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.200.25.118/; sid:900505917; rev:1;)
alert tcp $HOME_NET any -> [181.167.217.53] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.167.217.53/; sid:900505918; rev:1;)
alert tcp $HOME_NET any -> [186.97.172.178] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.97.172.178/; sid:900505919; rev:1;)
alert tcp $HOME_NET any -> [186.66.15.10] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.66.15.10/; sid:900505920; rev:1;)
alert tcp $HOME_NET any -> [181.129.116.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.116.58/; sid:900505921; rev:1;)
alert tcp $HOME_NET any -> [177.67.137.111] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.67.137.111/; sid:900505922; rev:1;)
alert tcp $HOME_NET any -> [189.206.78.155] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.206.78.155/; sid:900505924; rev:1;)
alert tcp $HOME_NET any -> [45.229.71.211] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.229.71.211/; sid:900505925; rev:1;)
alert tcp $HOME_NET any -> [181.129.242.202] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.242.202/; sid:900505926; rev:1;)
alert tcp $HOME_NET any -> [202.166.196.111] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.166.196.111/; sid:900505927; rev:1;)
alert tcp $HOME_NET any -> [187.19.167.233] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.19.167.233/; sid:900505928; rev:1;)
alert tcp $HOME_NET any -> [186.225.63.18] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.225.63.18/; sid:900505929; rev:1;)
alert tcp $HOME_NET any -> [43.245.216.116] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.245.216.116/; sid:900505930; rev:1;)
alert tcp $HOME_NET any -> [202.138.242.7] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.138.242.7/; sid:900505931; rev:1;)
alert tcp $HOME_NET any -> [144.48.138.213] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.48.138.213/; sid:900505932; rev:1;)
alert tcp $HOME_NET any -> [36.94.100.202] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.100.202/; sid:900505933; rev:1;)
alert tcp $HOME_NET any -> [36.94.27.124] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.27.124/; sid:900505934; rev:1;)
alert tcp $HOME_NET any -> [45.178.142.14] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.178.142.14/; sid:900505935; rev:1;)
alert tcp $HOME_NET any -> [49.156.34.134] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.156.34.134/; sid:900505936; rev:1;)
alert tcp $HOME_NET any -> [203.114.109.114] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.114.109.114/; sid:900505937; rev:1;)
alert tcp $HOME_NET any -> [190.109.204.126] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.109.204.126/; sid:900505938; rev:1;)
alert tcp $HOME_NET any -> [103.124.145.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.124.145.98/; sid:900505940; rev:1;)
alert tcp $HOME_NET any -> [85.248.1.126] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.248.1.126/; sid:900505941; rev:1;)
alert tcp $HOME_NET any -> [94.183.237.101] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.183.237.101/; sid:900505942; rev:1;)
alert tcp $HOME_NET any -> [114.7.240.222] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.7.240.222/; sid:900505943; rev:1;)
alert tcp $HOME_NET any -> [89.37.1.2] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.37.1.2/; sid:900505944; rev:1;)
alert tcp $HOME_NET any -> [94.142.179.77] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.142.179.77/; sid:900505945; rev:1;)
alert tcp $HOME_NET any -> [146.196.121.219] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.196.121.219/; sid:900505946; rev:1;)
alert tcp $HOME_NET any -> [94.142.179.179] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.142.179.179/; sid:900505947; rev:1;)
alert tcp $HOME_NET any -> [85.175.171.246] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.175.171.246/; sid:900505948; rev:1;)
alert tcp $HOME_NET any -> [177.221.39.161] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.221.39.161/; sid:900505949; rev:1;)
alert tcp $HOME_NET any -> [46.209.140.220] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.209.140.220/; sid:900505950; rev:1;)
alert tcp $HOME_NET any -> [88.150.240.129] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.150.240.129/; sid:900505951; rev:1;)
alert tcp $HOME_NET any -> [123.231.149.123] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.231.149.123/; sid:900505952; rev:1;)
alert tcp $HOME_NET any -> [103.101.104.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.101.104.229/; sid:900505953; rev:1;)
alert tcp $HOME_NET any -> [116.0.6.110] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.0.6.110/; sid:900505954; rev:1;)
alert tcp $HOME_NET any -> [182.160.116.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.160.116.190/; sid:900505955; rev:1;)
alert tcp $HOME_NET any -> [103.242.104.68] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.242.104.68/; sid:900505956; rev:1;)
alert tcp $HOME_NET any -> [180.178.106.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.178.106.50/; sid:900505957; rev:1;)
alert tcp $HOME_NET any -> [103.12.160.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.12.160.164/; sid:900505958; rev:1;)
alert tcp $HOME_NET any -> [91.83.88.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.83.88.122/; sid:900505960; rev:1;)
alert tcp $HOME_NET any -> [104.238.138.234] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.238.138.234/; sid:900505964; rev:1;)
alert tcp $HOME_NET any -> [95.85.255.220] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.85.255.220/; sid:900505965; rev:1;)
alert tcp $HOME_NET any -> [94.23.86.141] 13783 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.86.141/; sid:900505966; rev:1;)
alert tcp $HOME_NET any -> [62.75.161.205] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.161.205/; sid:900505967; rev:1;)
alert tcp $HOME_NET any -> [162.214.188.105] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.214.188.105/; sid:900505968; rev:1;)
alert tcp $HOME_NET any -> [162.214.106.107] 13783 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.214.106.107/; sid:900505970; rev:1;)
alert tcp $HOME_NET any -> [190.214.44.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.214.44.58/; sid:900505972; rev:1;)
alert tcp $HOME_NET any -> [51.77.82.110] 9987 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.82.110/; sid:900505973; rev:1;)
alert tcp $HOME_NET any -> [207.210.192.60] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.210.192.60/; sid:900505974; rev:1;)
alert tcp $HOME_NET any -> [159.69.237.186] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.69.237.186/; sid:900505975; rev:1;)
alert tcp $HOME_NET any -> [116.212.152.225] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.212.152.225/; sid:900505977; rev:1;)
alert tcp $HOME_NET any -> [157.245.231.228] 6051 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.245.231.228/; sid:900505978; rev:1;)
alert tcp $HOME_NET any -> [45.79.91.89] 9987 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.91.89/; sid:900505979; rev:1;)
alert tcp $HOME_NET any -> [45.158.199.220] 30333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.158.199.220/; sid:900505980; rev:1;)
alert tcp $HOME_NET any -> [199.204.214.52] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.204.214.52/; sid:900505981; rev:1;)
alert tcp $HOME_NET any -> [45.233.146.114] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.233.146.114/; sid:900505982; rev:1;)
alert tcp $HOME_NET any -> [91.200.186.229] 19226 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.200.186.229/; sid:900505983; rev:1;)
alert tcp $HOME_NET any -> [128.199.36.62] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.36.62/; sid:900505984; rev:1;)
alert tcp $HOME_NET any -> [50.116.54.215] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.54.215/; sid:900505985; rev:1;)
alert tcp $HOME_NET any -> [142.93.223.149] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.223.149/; sid:900505986; rev:1;)
alert tcp $HOME_NET any -> [162.214.127.16] 6051 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.214.127.16/; sid:900505987; rev:1;)
alert tcp $HOME_NET any -> [177.154.161.246] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.154.161.246/; sid:900505988; rev:1;)
alert tcp $HOME_NET any -> [144.202.49.155] 19226 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.49.155/; sid:900505989; rev:1;)
alert tcp $HOME_NET any -> [103.102.220.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.102.220.50/; sid:900505998; rev:1;)
alert tcp $HOME_NET any -> [185.119.120.213] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.119.120.213/; sid:900506013; rev:1;)
alert tcp $HOME_NET any -> [83.220.115.230] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.220.115.230/; sid:900506014; rev:1;)
alert tcp $HOME_NET any -> [189.195.96.238] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.195.96.238/; sid:900506023; rev:1;)
alert tcp $HOME_NET any -> [186.46.28.202] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.46.28.202/; sid:900506027; rev:1;)
alert tcp $HOME_NET any -> [91.235.129.8] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.8/; sid:900506030; rev:1;)
alert tcp $HOME_NET any -> [181.112.157.42] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.112.157.42/; sid:900506032; rev:1;)
# END 245 entries