################################################################ # abuse.ch Feodo Tracker Suricata / Snort Ruleset # # Last updated: 2021-08-05 10:48:15 UTC # # # # Terms Of Use: https://feodotracker.abuse.ch/blocklist/ # # For questions please contact feodotracker [at] abuse.ch # ################################################################ # alert tcp $HOME_NET any -> [67.213.75.205] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.213.75.205/; sid:900505001; rev:1;) alert tcp $HOME_NET any -> [51.178.161.32] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.178.161.32/; sid:900505003; rev:1;) alert tcp $HOME_NET any -> [162.144.127.197] 3786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.127.197/; sid:900505010; rev:1;) alert tcp $HOME_NET any -> [111.230.104.169] 3388 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.230.104.169/; sid:900505029; rev:1;) alert tcp $HOME_NET any -> [217.79.184.243] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.79.184.243/; sid:900505030; rev:1;) alert tcp $HOME_NET any -> [46.101.90.205] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.90.205/; sid:900505046; rev:1;) alert tcp $HOME_NET any -> [123.206.58.135] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.206.58.135/; sid:900505047; rev:1;) alert tcp $HOME_NET any -> [78.47.139.43] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.47.139.43/; sid:900505056; rev:1;) alert tcp $HOME_NET any -> [103.40.116.68] 5443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.40.116.68/; sid:900505063; rev:1;) alert tcp $HOME_NET any -> [178.254.22.25] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.22.25/; sid:900505069; rev:1;) alert tcp $HOME_NET any -> [209.59.199.129] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.59.199.129/; sid:900505072; rev:1;) alert tcp $HOME_NET any -> [54.38.143.246] 691 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.143.246/; sid:900505073; rev:1;) alert tcp $HOME_NET any -> [153.122.13.133] 1443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.122.13.133/; sid:900505074; rev:1;) alert tcp $HOME_NET any -> [142.93.181.37] 981 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.181.37/; sid:900505075; rev:1;) alert tcp $HOME_NET any -> [92.38.128.47] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.128.47/; sid:900505076; rev:1;) alert tcp $HOME_NET any -> [193.90.12.121] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.90.12.121/; sid:900505084; rev:1;) alert tcp $HOME_NET any -> [175.126.167.148] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.126.167.148/; sid:900505088; rev:1;) alert tcp $HOME_NET any -> [185.59.223.86] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.59.223.86/; sid:900505090; rev:1;) alert tcp $HOME_NET any -> [52.73.70.149] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/52.73.70.149/; sid:900505098; rev:1;) alert tcp $HOME_NET any -> [217.160.78.166] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.78.166/; sid:900505104; rev:1;) alert tcp $HOME_NET any -> [36.89.191.119] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.191.119/; sid:900505108; rev:1;) alert tcp $HOME_NET any -> [103.150.68.124] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.150.68.124/; sid:900505113; rev:1;) alert tcp $HOME_NET any -> [23.160.193.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.193.106/; sid:900505123; rev:1;) alert tcp $HOME_NET any -> [36.89.193.181] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.193.181/; sid:900505136; rev:1;) alert tcp $HOME_NET any -> [211.110.44.63] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.110.44.63/; sid:900505176; rev:1;) alert tcp $HOME_NET any -> [45.33.94.33] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.94.33/; sid:900505379; rev:1;) alert tcp $HOME_NET any -> [97.107.127.161] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.107.127.161/; sid:900505381; rev:1;) alert tcp $HOME_NET any -> [158.69.118.130] 1443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.69.118.130/; sid:900505382; rev:1;) alert tcp $HOME_NET any -> [142.44.247.57] 4043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.44.247.57/; sid:900505384; rev:1;) alert tcp $HOME_NET any -> [192.99.41.136] 981 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.99.41.136/; sid:900505425; rev:1;) alert tcp $HOME_NET any -> [97.107.127.227] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.107.127.227/; sid:900505430; rev:1;) alert tcp $HOME_NET any -> [185.184.25.235] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.184.25.235/; sid:900505432; rev:1;) alert tcp $HOME_NET any -> [177.87.0.7] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.87.0.7/; sid:900505441; rev:1;) alert tcp $HOME_NET any -> [36.89.193.235] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.193.235/; sid:900505443; rev:1;) alert tcp $HOME_NET any -> [200.142.124.146] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.142.124.146/; sid:900505450; rev:1;) alert tcp $HOME_NET any -> [45.234.248.154] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.234.248.154/; sid:900505462; rev:1;) alert tcp $HOME_NET any -> [45.201.134.202] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.201.134.202/; sid:900505464; rev:1;) alert tcp $HOME_NET any -> [159.224.167.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.224.167.102/; sid:900505471; rev:1;) alert tcp $HOME_NET any -> [178.128.83.165] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.83.165/; sid:900505482; rev:1;) alert tcp $HOME_NET any -> [173.203.78.138] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.203.78.138/; sid:900505502; rev:1;) alert tcp $HOME_NET any -> [185.234.72.84] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.234.72.84/; sid:900505517; rev:1;) alert tcp $HOME_NET any -> [198.1.115.153] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.1.115.153/; sid:900505518; rev:1;) alert tcp $HOME_NET any -> [209.20.87.138] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.20.87.138/; sid:900505519; rev:1;) alert tcp $HOME_NET any -> [162.13.114.59] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.13.114.59/; sid:900505527; rev:1;) alert tcp $HOME_NET any -> [37.187.115.122] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.115.122/; sid:900505528; rev:1;) alert tcp $HOME_NET any -> [5.182.210.132] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.132/; sid:900505536; rev:1;) alert tcp $HOME_NET any -> [209.151.236.42] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.151.236.42/; sid:900505558; rev:1;) alert tcp $HOME_NET any -> [77.220.64.146] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.146/; sid:900505590; rev:1;) alert tcp $HOME_NET any -> [121.199.35.69] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.199.35.69/; sid:900505596; rev:1;) alert tcp $HOME_NET any -> [85.88.174.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.88.174.94/; sid:900505598; rev:1;) alert tcp $HOME_NET any -> [216.10.242.142] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.10.242.142/; sid:900505603; rev:1;) alert tcp $HOME_NET any -> [103.73.102.174] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.73.102.174/; sid:900505607; rev:1;) alert tcp $HOME_NET any -> [111.235.66.83] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.235.66.83/; sid:900505610; rev:1;) alert tcp $HOME_NET any -> [210.65.244.186] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.186/; sid:900505612; rev:1;) alert tcp $HOME_NET any -> [62.64.9.237] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.64.9.237/; sid:900505613; rev:1;) alert tcp $HOME_NET any -> [94.74.133.76] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.74.133.76/; sid:900505616; rev:1;) alert tcp $HOME_NET any -> [144.76.42.74] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.76.42.74/; sid:900505626; rev:1;) alert tcp $HOME_NET any -> [153.126.203.229] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.126.203.229/; sid:900505629; rev:1;) alert tcp $HOME_NET any -> [195.210.28.233] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.210.28.233/; sid:900505632; rev:1;) alert tcp $HOME_NET any -> [77.220.64.137] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.137/; sid:900505641; rev:1;) alert tcp $HOME_NET any -> [5.182.210.254] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.254/; sid:900505646; rev:1;) alert tcp $HOME_NET any -> [37.247.35.130] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.247.35.130/; sid:900505648; rev:1;) alert tcp $HOME_NET any -> [216.177.161.118] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.177.161.118/; sid:900505655; rev:1;) alert tcp $HOME_NET any -> [108.55.14.158] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.55.14.158/; sid:900505667; rev:1;) alert tcp $HOME_NET any -> [103.110.14.43] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.110.14.43/; sid:900505679; rev:1;) alert tcp $HOME_NET any -> [195.8.114.137] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.8.114.137/; sid:900505680; rev:1;) alert tcp $HOME_NET any -> [18.195.23.231] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/18.195.23.231/; sid:900505688; rev:1;) alert tcp $HOME_NET any -> [77.220.64.141] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.141/; sid:900505691; rev:1;) alert tcp $HOME_NET any -> [216.10.251.121] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.10.251.121/; sid:900505702; rev:1;) alert tcp $HOME_NET any -> [162.241.54.59] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.54.59/; sid:900505711; rev:1;) alert tcp $HOME_NET any -> [45.58.56.12] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.58.56.12/; sid:900505712; rev:1;) alert tcp $HOME_NET any -> [51.91.76.89] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.91.76.89/; sid:900505713; rev:1;) alert tcp $HOME_NET any -> [185.148.168.220] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.168.220/; sid:900505724; rev:1;) alert tcp $HOME_NET any -> [131.100.24.199] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.199/; sid:900505727; rev:1;) alert tcp $HOME_NET any -> [94.28.78.200] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.28.78.200/; sid:900505729; rev:1;) alert tcp $HOME_NET any -> [181.143.251.154] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.251.154/; sid:900505730; rev:1;) alert tcp $HOME_NET any -> [72.249.22.245] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.249.22.245/; sid:900505763; rev:1;) alert tcp $HOME_NET any -> [87.97.178.92] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.97.178.92/; sid:900505766; rev:1;) alert tcp $HOME_NET any -> [185.148.168.25] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.168.25/; sid:900505772; rev:1;) alert tcp $HOME_NET any -> [51.91.156.39] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.91.156.39/; sid:900505777; rev:1;) alert tcp $HOME_NET any -> [154.79.244.182] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.79.244.182/; sid:900505780; rev:1;) alert tcp $HOME_NET any -> [178.134.47.166] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.134.47.166/; sid:900505784; rev:1;) alert tcp $HOME_NET any -> [154.79.245.158] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.79.245.158/; sid:900505785; rev:1;) alert tcp $HOME_NET any -> [154.79.251.172] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.79.251.172/; sid:900505786; rev:1;) alert tcp $HOME_NET any -> [158.181.179.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.181.179.229/; sid:900505788; rev:1;) alert tcp $HOME_NET any -> [195.9.232.252] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.9.232.252/; sid:900505801; rev:1;) alert tcp $HOME_NET any -> [193.47.240.8] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.47.240.8/; sid:900505804; rev:1;) alert tcp $HOME_NET any -> [153.126.165.175] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.126.165.175/; sid:900505805; rev:1;) alert tcp $HOME_NET any -> [178.254.33.197] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.33.197/; sid:900505808; rev:1;) alert tcp $HOME_NET any -> [45.55.134.126] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.134.126/; sid:900505816; rev:1;) alert tcp $HOME_NET any -> [210.65.244.176] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.176/; sid:900505823; rev:1;) alert tcp $HOME_NET any -> [37.34.58.210] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.34.58.210/; sid:900505824; rev:1;) alert tcp $HOME_NET any -> [210.65.244.182] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.182/; sid:900505829; rev:1;) alert tcp $HOME_NET any -> [131.100.24.231] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.231/; sid:900505831; rev:1;) alert tcp $HOME_NET any -> [188.40.137.206] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.40.137.206/; sid:900505833; rev:1;) alert tcp $HOME_NET any -> [131.100.24.217] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.217/; sid:900505834; rev:1;) alert tcp $HOME_NET any -> [103.9.77.211] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.9.77.211/; sid:900505835; rev:1;) alert tcp $HOME_NET any -> [94.247.168.64] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.247.168.64/; sid:900505837; rev:1;) alert tcp $HOME_NET any -> [162.144.34.234] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.34.234/; sid:900505838; rev:1;) alert tcp $HOME_NET any -> [162.144.76.184] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.76.184/; sid:900505839; rev:1;) alert tcp $HOME_NET any -> [159.8.59.82] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.8.59.82/; sid:900505841; rev:1;) alert tcp $HOME_NET any -> [66.113.160.126] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.113.160.126/; sid:900505842; rev:1;) alert tcp $HOME_NET any -> [95.138.161.226] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.138.161.226/; sid:900505843; rev:1;) alert tcp $HOME_NET any -> [43.229.206.212] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.229.206.212/; sid:900505864; rev:1;) alert tcp $HOME_NET any -> [1.234.20.244] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.234.20.244/; sid:900505866; rev:1;) alert tcp $HOME_NET any -> [180.250.21.2] 13721 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.250.21.2/; sid:900505868; rev:1;) alert tcp $HOME_NET any -> [1.234.21.73] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.234.21.73/; sid:900505871; rev:1;) alert tcp $HOME_NET any -> [178.128.23.9] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.23.9/; sid:900505872; rev:1;) alert tcp $HOME_NET any -> [192.163.233.216] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.163.233.216/; sid:900505877; rev:1;) alert tcp $HOME_NET any -> [43.229.206.244] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.229.206.244/; sid:900505878; rev:1;) alert tcp $HOME_NET any -> [162.241.41.92] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.41.92/; sid:900505883; rev:1;) alert tcp $HOME_NET any -> [210.65.244.187] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.187/; sid:900505885; rev:1;) alert tcp $HOME_NET any -> [103.253.145.28] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.253.145.28/; sid:900505899; rev:1;) alert tcp $HOME_NET any -> [180.250.21.5] 13721 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.250.21.5/; sid:900505900; rev:1;) alert tcp $HOME_NET any -> [144.48.139.206] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.48.139.206/; sid:900505902; rev:1;) alert tcp $HOME_NET any -> [185.9.187.10] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.9.187.10/; sid:900505909; rev:1;) alert tcp $HOME_NET any -> [91.235.129.79] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.79/; sid:900505910; rev:1;) alert tcp $HOME_NET any -> [14.241.244.60] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.241.244.60/; sid:900505912; rev:1;) alert tcp $HOME_NET any -> [103.164.180.66] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.164.180.66/; sid:900505915; rev:1;) alert tcp $HOME_NET any -> [181.167.217.53] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.167.217.53/; sid:900505918; rev:1;) alert tcp $HOME_NET any -> [186.97.172.178] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.97.172.178/; sid:900505919; rev:1;) alert tcp $HOME_NET any -> [177.67.137.111] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.67.137.111/; sid:900505922; rev:1;) alert tcp $HOME_NET any -> [189.206.78.155] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.206.78.155/; sid:900505924; rev:1;) alert tcp $HOME_NET any -> [187.19.167.233] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.19.167.233/; sid:900505928; rev:1;) alert tcp $HOME_NET any -> [186.225.63.18] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.225.63.18/; sid:900505929; rev:1;) alert tcp $HOME_NET any -> [49.156.34.134] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.156.34.134/; sid:900505936; rev:1;) alert tcp $HOME_NET any -> [203.114.109.114] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.114.109.114/; sid:900505937; rev:1;) alert tcp $HOME_NET any -> [190.109.204.126] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.109.204.126/; sid:900505938; rev:1;) alert tcp $HOME_NET any -> [103.124.145.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.124.145.98/; sid:900505940; rev:1;) alert tcp $HOME_NET any -> [94.183.237.101] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.183.237.101/; sid:900505942; rev:1;) alert tcp $HOME_NET any -> [89.37.1.2] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.37.1.2/; sid:900505944; rev:1;) alert tcp $HOME_NET any -> [46.209.140.220] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.209.140.220/; sid:900505950; rev:1;) alert tcp $HOME_NET any -> [88.150.240.129] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.150.240.129/; sid:900505951; rev:1;) alert tcp $HOME_NET any -> [103.12.160.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.12.160.164/; sid:900505958; rev:1;) alert tcp $HOME_NET any -> [91.83.88.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.83.88.122/; sid:900505960; rev:1;) alert tcp $HOME_NET any -> [94.23.86.141] 13783 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.86.141/; sid:900505966; rev:1;) alert tcp $HOME_NET any -> [162.214.188.105] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.214.188.105/; sid:900505968; rev:1;) alert tcp $HOME_NET any -> [162.214.106.107] 13783 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.214.106.107/; sid:900505970; rev:1;) alert tcp $HOME_NET any -> [51.77.82.110] 9987 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.82.110/; sid:900505973; rev:1;) alert tcp $HOME_NET any -> [207.210.192.60] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.210.192.60/; sid:900505974; rev:1;) alert tcp $HOME_NET any -> [116.212.152.225] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.212.152.225/; sid:900505977; rev:1;) alert tcp $HOME_NET any -> [45.79.91.89] 9987 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.91.89/; sid:900505979; rev:1;) alert tcp $HOME_NET any -> [45.158.199.220] 30333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.158.199.220/; sid:900505980; rev:1;) alert tcp $HOME_NET any -> [199.204.214.52] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.204.214.52/; sid:900505981; rev:1;) alert tcp $HOME_NET any -> [128.199.36.62] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.36.62/; sid:900505984; rev:1;) alert tcp $HOME_NET any -> [50.116.54.215] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.54.215/; sid:900505985; rev:1;) alert tcp $HOME_NET any -> [162.214.127.16] 6051 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.214.127.16/; sid:900505987; rev:1;) alert tcp $HOME_NET any -> [177.154.161.246] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.154.161.246/; sid:900505988; rev:1;) alert tcp $HOME_NET any -> [91.235.129.8] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.8/; sid:900506030; rev:1;) alert tcp $HOME_NET any -> [181.112.157.42] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.112.157.42/; sid:900506032; rev:1;) alert tcp $HOME_NET any -> [97.83.40.67] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.83.40.67/; sid:900506034; rev:1;) alert tcp $HOME_NET any -> [139.59.59.242] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.59.242/; sid:900506035; rev:1;) alert tcp $HOME_NET any -> [91.207.28.33] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.207.28.33/; sid:900506036; rev:1;) alert tcp $HOME_NET any -> [178.128.197.110] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.197.110/; sid:900506037; rev:1;) alert tcp $HOME_NET any -> [91.191.172.124] 13783 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.191.172.124/; sid:900506038; rev:1;) alert tcp $HOME_NET any -> [50.249.212.98] 23399 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.249.212.98/; sid:900506040; rev:1;) alert tcp $HOME_NET any -> [144.76.1.150] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.76.1.150/; sid:900506041; rev:1;) alert tcp $HOME_NET any -> [104.168.154.79] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.154.79/; sid:900506042; rev:1;) alert tcp $HOME_NET any -> [148.235.154.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.235.154.164/; sid:900506073; rev:1;) alert tcp $HOME_NET any -> [190.145.83.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.145.83.98/; sid:900506075; rev:1;) alert tcp $HOME_NET any -> [38.110.103.19] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.110.103.19/; sid:900506076; rev:1;) alert tcp $HOME_NET any -> [41.77.185.182] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.77.185.182/; sid:900506080; rev:1;) alert tcp $HOME_NET any -> [203.176.138.46] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.176.138.46/; sid:900506085; rev:1;) alert tcp $HOME_NET any -> [178.79.150.86] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.79.150.86/; sid:900506089; rev:1;) alert tcp $HOME_NET any -> [177.10.90.29] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.10.90.29/; sid:900506093; rev:1;) alert tcp $HOME_NET any -> [45.239.234.2] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.239.234.2/; sid:900506094; rev:1;) alert tcp $HOME_NET any -> [41.57.156.203] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.57.156.203/; sid:900506095; rev:1;) alert tcp $HOME_NET any -> [95.111.235.8] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.111.235.8/; sid:900506097; rev:1;) alert tcp $HOME_NET any -> [103.42.57.18] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.42.57.18/; sid:900506098; rev:1;) alert tcp $HOME_NET any -> [115.68.220.48] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.68.220.48/; sid:900506099; rev:1;) alert tcp $HOME_NET any -> [45.201.136.3] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.201.136.3/; sid:900506100; rev:1;) alert tcp $HOME_NET any -> [14.232.161.45] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.232.161.45/; sid:900506102; rev:1;) alert tcp $HOME_NET any -> [220.82.64.198] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.82.64.198/; sid:900506103; rev:1;) alert tcp $HOME_NET any -> [196.216.59.174] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.216.59.174/; sid:900506105; rev:1;) alert tcp $HOME_NET any -> [113.160.132.237] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.160.132.237/; sid:900506106; rev:1;) alert tcp $HOME_NET any -> [202.165.47.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.165.47.106/; sid:900506107; rev:1;) alert tcp $HOME_NET any -> [181.114.215.239] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.114.215.239/; sid:900506108; rev:1;) alert tcp $HOME_NET any -> [222.124.16.74] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.124.16.74/; sid:900506110; rev:1;) alert tcp $HOME_NET any -> [186.225.119.170] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.225.119.170/; sid:900506113; rev:1;) alert tcp $HOME_NET any -> [200.236.218.62] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.236.218.62/; sid:900506114; rev:1;) alert tcp $HOME_NET any -> [49.248.217.170] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.248.217.170/; sid:900506115; rev:1;) alert tcp $HOME_NET any -> [119.202.8.249] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.202.8.249/; sid:900506116; rev:1;) alert tcp $HOME_NET any -> [103.122.228.44] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.122.228.44/; sid:900506117; rev:1;) alert tcp $HOME_NET any -> [143.0.208.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.0.208.20/; sid:900506118; rev:1;) alert tcp $HOME_NET any -> [38.110.100.104] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.110.100.104/; sid:900506122; rev:1;) alert tcp $HOME_NET any -> [45.36.99.184] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.36.99.184/; sid:900506124; rev:1;) alert tcp $HOME_NET any -> [24.162.214.166] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.162.214.166/; sid:900506127; rev:1;) alert tcp $HOME_NET any -> [184.74.99.214] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.74.99.214/; sid:900506128; rev:1;) alert tcp $HOME_NET any -> [38.110.100.33] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.110.100.33/; sid:900506131; rev:1;) alert tcp $HOME_NET any -> [170.238.117.187] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.238.117.187/; sid:900506132; rev:1;) alert tcp $HOME_NET any -> [5.34.74.210] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.74.210/; sid:900506134; rev:1;) alert tcp $HOME_NET any -> [31.207.89.74] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.207.89.74/; sid:900506135; rev:1;) alert tcp $HOME_NET any -> [167.172.119.42] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.172.119.42/; sid:900506136; rev:1;) alert tcp $HOME_NET any -> [50.116.23.195] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.23.195/; sid:900506137; rev:1;) alert tcp $HOME_NET any -> [66.62.113.113] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.62.113.113/; sid:900506140; rev:1;) alert tcp $HOME_NET any -> [190.197.55.254] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.197.55.254/; sid:900506141; rev:1;) alert tcp $HOME_NET any -> [190.61.43.241] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.61.43.241/; sid:900506144; rev:1;) alert tcp $HOME_NET any -> [201.55.206.238] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.55.206.238/; sid:900506146; rev:1;) alert tcp $HOME_NET any -> [85.87.148.200] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.87.148.200/; sid:900506147; rev:1;) alert tcp $HOME_NET any -> [190.144.10.242] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.144.10.242/; sid:900506150; rev:1;) alert tcp $HOME_NET any -> [142.4.219.173] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.4.219.173/; sid:900506151; rev:1;) alert tcp $HOME_NET any -> [104.168.155.129] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.155.129/; sid:900506152; rev:1;) alert tcp $HOME_NET any -> [176.31.117.84] 9443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.31.117.84/; sid:900506155; rev:1;) alert tcp $HOME_NET any -> [85.187.234.15] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.187.234.15/; sid:900506156; rev:1;) alert tcp $HOME_NET any -> [204.138.26.220] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.138.26.220/; sid:900506157; rev:1;) alert tcp $HOME_NET any -> [182.253.106.35] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.253.106.35/; sid:900506160; rev:1;) alert tcp $HOME_NET any -> [213.159.208.145] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.159.208.145/; sid:900506162; rev:1;) alert tcp $HOME_NET any -> [172.105.110.194] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.110.194/; sid:900506163; rev:1;) alert tcp $HOME_NET any -> [51.75.77.27] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.77.27/; sid:900506164; rev:1;) alert tcp $HOME_NET any -> [138.197.133.25] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.133.25/; sid:900506165; rev:1;) alert tcp $HOME_NET any -> [178.79.147.66] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.79.147.66/; sid:900506167; rev:1;) alert tcp $HOME_NET any -> [87.106.97.83] 7880 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.97.83/; sid:900506168; rev:1;) alert tcp $HOME_NET any -> [54.191.98.150] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.191.98.150/; sid:900506169; rev:1;) alert tcp $HOME_NET any -> [209.44.106.71] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.44.106.71/; sid:900506170; rev:1;) alert tcp $HOME_NET any -> [54.37.106.167] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.106.167/; sid:900506171; rev:1;) alert tcp $HOME_NET any -> [207.58.132.19] 9443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.58.132.19/; sid:900506172; rev:1;) alert tcp $HOME_NET any -> [107.170.211.239] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.170.211.239/; sid:900506173; rev:1;) alert tcp $HOME_NET any -> [150.95.20.209] 3978 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.95.20.209/; sid:900506174; rev:1;) alert tcp $HOME_NET any -> [164.68.126.207] 23399 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.126.207/; sid:900506175; rev:1;) alert tcp $HOME_NET any -> [37.59.103.148] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.59.103.148/; sid:900506178; rev:1;) alert tcp $HOME_NET any -> [43.229.206.214] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.229.206.214/; sid:900506179; rev:1;) alert tcp $HOME_NET any -> [79.143.186.143] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.143.186.143/; sid:900506180; rev:1;) alert tcp $HOME_NET any -> [195.9.84.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.9.84.106/; sid:900506181; rev:1;) alert tcp $HOME_NET any -> [104.168.155.113] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.155.113/; sid:900506182; rev:1;) alert tcp $HOME_NET any -> [107.170.64.97] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.170.64.97/; sid:900506184; rev:1;) alert tcp $HOME_NET any -> [212.227.94.31] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.227.94.31/; sid:900506185; rev:1;) alert tcp $HOME_NET any -> [66.175.217.172] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.175.217.172/; sid:900506190; rev:1;) alert tcp $HOME_NET any -> [202.29.60.34] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.29.60.34/; sid:900506191; rev:1;) alert tcp $HOME_NET any -> [78.46.78.42] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.46.78.42/; sid:900506192; rev:1;) alert tcp $HOME_NET any -> [79.172.201.113] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.172.201.113/; sid:900506202; rev:1;) alert tcp $HOME_NET any -> [114.207.112.77] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.207.112.77/; sid:900506203; rev:1;) alert tcp $HOME_NET any -> [81.0.236.93] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.0.236.93/; sid:900506214; rev:1;) alert tcp $HOME_NET any -> [178.238.236.59] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.238.236.59/; sid:900506215; rev:1;) alert tcp $HOME_NET any -> [104.245.52.73] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.245.52.73/; sid:900506216; rev:1;) alert tcp $HOME_NET any -> [109.104.92.237] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.104.92.237/; sid:900506217; rev:1;) alert tcp $HOME_NET any -> [162.243.96.221] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.243.96.221/; sid:900506218; rev:1;) alert tcp $HOME_NET any -> [178.33.158.180] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.33.158.180/; sid:900506223; rev:1;) alert tcp $HOME_NET any -> [109.74.50.71] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.74.50.71/; sid:900506224; rev:1;) alert tcp $HOME_NET any -> [177.185.32.10] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.185.32.10/; sid:900506225; rev:1;) alert tcp $HOME_NET any -> [68.183.216.174] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.216.174/; sid:900506228; rev:1;) alert tcp $HOME_NET any -> [139.162.202.74] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.202.74/; sid:900506229; rev:1;) alert tcp $HOME_NET any -> [45.79.33.48] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.33.48/; sid:900506230; rev:1;) alert tcp $HOME_NET any -> [104.248.178.90] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.248.178.90/; sid:900506231; rev:1;) alert tcp $HOME_NET any -> [46.55.222.10] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.55.222.10/; sid:900506232; rev:1;) alert tcp $HOME_NET any -> [173.212.243.155] 7002 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.212.243.155/; sid:900506233; rev:1;) alert tcp $HOME_NET any -> [177.75.5.222] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.75.5.222/; sid:900506234; rev:1;) alert tcp $HOME_NET any -> [105.27.205.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.27.205.34/; sid:900506235; rev:1;) alert tcp $HOME_NET any -> [5.152.175.57] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.152.175.57/; sid:900506236; rev:1;) alert tcp $HOME_NET any -> [181.129.167.82] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.167.82/; sid:900506243; rev:1;) alert tcp $HOME_NET any -> [62.99.79.77] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.99.79.77/; sid:900506244; rev:1;) alert tcp $HOME_NET any -> [128.201.76.252] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.201.76.252/; sid:900506245; rev:1;) alert tcp $HOME_NET any -> [221.147.172.5] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.147.172.5/; sid:900506246; rev:1;) alert tcp $HOME_NET any -> [50.21.169.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.21.169.122/; sid:900506248; rev:1;) alert tcp $HOME_NET any -> [213.155.173.21] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.155.173.21/; sid:900506250; rev:1;) alert tcp $HOME_NET any -> [82.139.146.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.139.146.190/; sid:900506251; rev:1;) alert tcp $HOME_NET any -> [183.105.49.9] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.105.49.9/; sid:900506255; rev:1;) alert tcp $HOME_NET any -> [115.88.53.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.88.53.164/; sid:900506256; rev:1;) alert tcp $HOME_NET any -> [177.87.57.93] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.87.57.93/; sid:900506259; rev:1;) alert tcp $HOME_NET any -> [196.216.220.211] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.216.220.211/; sid:900506260; rev:1;) alert tcp $HOME_NET any -> [36.67.97.127] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.67.97.127/; sid:900506261; rev:1;) alert tcp $HOME_NET any -> [103.238.203.82] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.238.203.82/; sid:900506263; rev:1;) alert tcp $HOME_NET any -> [177.52.173.20] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.52.173.20/; sid:900506266; rev:1;) alert tcp $HOME_NET any -> [166.62.103.55] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/166.62.103.55/; sid:900506267; rev:1;) alert tcp $HOME_NET any -> [103.140.207.110] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.140.207.110/; sid:900506268; rev:1;) alert tcp $HOME_NET any -> [197.156.129.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.156.129.250/; sid:900506269; rev:1;) alert tcp $HOME_NET any -> [116.203.25.236] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.203.25.236/; sid:900506270; rev:1;) alert tcp $HOME_NET any -> [103.109.247.13] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.109.247.13/; sid:900506271; rev:1;) alert tcp $HOME_NET any -> [103.253.107.156] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.253.107.156/; sid:900506272; rev:1;) alert tcp $HOME_NET any -> [36.89.98.183] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.98.183/; sid:900506273; rev:1;) alert tcp $HOME_NET any -> [88.87.15.96] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.87.15.96/; sid:900506274; rev:1;) alert tcp $HOME_NET any -> [45.239.233.109] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.239.233.109/; sid:900506275; rev:1;) alert tcp $HOME_NET any -> [106.243.129.116] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.243.129.116/; sid:900506276; rev:1;) alert tcp $HOME_NET any -> [59.4.68.75] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.4.68.75/; sid:900506277; rev:1;) alert tcp $HOME_NET any -> [185.164.32.148] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.148/; sid:900506278; rev:1;) alert tcp $HOME_NET any -> [46.99.175.149] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.99.175.149/; sid:900506279; rev:1;) alert tcp $HOME_NET any -> [46.99.175.217] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.99.175.217/; sid:900506280; rev:1;) alert tcp $HOME_NET any -> [46.99.188.223] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.99.188.223/; sid:900506281; rev:1;) alert tcp $HOME_NET any -> [185.56.175.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.56.175.122/; sid:900506282; rev:1;) alert tcp $HOME_NET any -> [179.189.229.254] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.189.229.254/; sid:900506283; rev:1;) alert tcp $HOME_NET any -> [65.152.201.203] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.152.201.203/; sid:900506284; rev:1;) alert tcp $HOME_NET any -> [216.166.148.187] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.166.148.187/; sid:900506285; rev:1;) alert tcp $HOME_NET any -> [182.253.210.130] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.253.210.130/; sid:900506286; rev:1;) alert tcp $HOME_NET any -> [186.235.48.8] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.235.48.8/; sid:900506289; rev:1;) alert tcp $HOME_NET any -> [113.160.37.196] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.160.37.196/; sid:900506290; rev:1;) # END 284 entries