################################################################
# abuse.ch Feodo Tracker Suricata / Snort Ruleset              #
# Last updated: 2019-01-22 16:17:17 UTC                        #
#                                                              #
# Terms Of Use: https://feodotracker.abuse.ch/blocklist/       #
# For questions please contact feodotracker [at] abuse.ch      #
################################################################
#
alert tcp $HOME_NET any -> [187.163.60.63] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.60.63/; sid:900520519; rev:1;)
alert tcp $HOME_NET any -> [170.83.53.71] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.83.53.71/; sid:900520516; rev:1;)
alert tcp $HOME_NET any -> [182.72.25.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.72.25.180/; sid:900520498; rev:1;)
alert tcp $HOME_NET any -> [78.189.109.123] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.109.123/; sid:900520509; rev:1;)
alert tcp $HOME_NET any -> [190.104.191.159] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.191.159/; sid:900520503; rev:1;)
alert tcp $HOME_NET any -> [191.99.120.221] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.99.120.221/; sid:900520523; rev:1;)
alert tcp $HOME_NET any -> [99.234.216.14] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.234.216.14/; sid:900520513; rev:1;)
alert tcp $HOME_NET any -> [77.44.120.62] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.44.120.62/; sid:900520508; rev:1;)
alert tcp $HOME_NET any -> [186.68.199.71] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.68.199.71/; sid:900520500; rev:1;)
alert tcp $HOME_NET any -> [187.228.133.187] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.228.133.187/; sid:900520520; rev:1;)
alert tcp $HOME_NET any -> [54.37.5.200] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.5.200/; sid:900520507; rev:1;)
alert tcp $HOME_NET any -> [94.73.197.123] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.73.197.123/; sid:900520511; rev:1;)
alert tcp $HOME_NET any -> [200.43.231.60] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.43.231.60/; sid:900520504; rev:1;)
alert tcp $HOME_NET any -> [189.252.30.160] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.30.160/; sid:900520502; rev:1;)
alert tcp $HOME_NET any -> [51.77.111.116] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.111.116/; sid:900520506; rev:1;)
alert tcp $HOME_NET any -> [200.58.78.78] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.58.78.78/; sid:900520525; rev:1;)
alert tcp $HOME_NET any -> [88.253.236.157] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.253.236.157/; sid:900520510; rev:1;)
alert tcp $HOME_NET any -> [190.179.117.181] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.179.117.181/; sid:900520521; rev:1;)
alert tcp $HOME_NET any -> [181.114.107.154] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.114.107.154/; sid:900520495; rev:1;)
alert tcp $HOME_NET any -> [181.59.253.20] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.59.253.20/; sid:900520497; rev:1;)
alert tcp $HOME_NET any -> [179.62.18.56] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.62.18.56/; sid:900520496; rev:1;)
alert tcp $HOME_NET any -> [198.46.157.252] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.157.252/; sid:900520505; rev:1;)
alert tcp $HOME_NET any -> [158.174.130.145] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.174.130.145/; sid:900520515; rev:1;)
alert tcp $HOME_NET any -> [109.170.141.120] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.170.141.120/; sid:900520514; rev:1;)
alert tcp $HOME_NET any -> [75.159.115.228] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.159.115.228/; sid:900520526; rev:1;)
alert tcp $HOME_NET any -> [186.19.62.24] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.19.62.24/; sid:900520499; rev:1;)
alert tcp $HOME_NET any -> [200.68.61.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.68.61.242/; sid:900520524; rev:1;)
alert tcp $HOME_NET any -> [96.20.46.60] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.20.46.60/; sid:900520512; rev:1;)
alert tcp $HOME_NET any -> [189.250.153.215] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.250.153.215/; sid:900520501; rev:1;)
alert tcp $HOME_NET any -> [181.13.229.35] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.13.229.35/; sid:900520517; rev:1;)
alert tcp $HOME_NET any -> [186.176.25.133] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.176.25.133/; sid:900520518; rev:1;)
alert tcp $HOME_NET any -> [74.58.188.22] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.58.188.22/; sid:900520490; rev:1;)
alert tcp $HOME_NET any -> [27.0.180.40] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.0.180.40/; sid:900520483; rev:1;)
alert tcp $HOME_NET any -> [114.79.134.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.134.49/; sid:900520470; rev:1;)
alert tcp $HOME_NET any -> [50.99.132.7] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.99.132.7/; sid:900520487; rev:1;)
alert tcp $HOME_NET any -> [176.74.89.66] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.74.89.66/; sid:900520473; rev:1;)
alert tcp $HOME_NET any -> [203.213.236.70] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.213.236.70/; sid:900520482; rev:1;)
alert tcp $HOME_NET any -> [111.235.148.46] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.235.148.46/; sid:900520471; rev:1;)
alert tcp $HOME_NET any -> [83.110.212.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.212.100/; sid:900520492; rev:1;)
alert tcp $HOME_NET any -> [175.101.89.66] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.101.89.66/; sid:900520494; rev:1;)
alert tcp $HOME_NET any -> [179.13.73.220] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.13.73.220/; sid:900520474; rev:1;)
alert tcp $HOME_NET any -> [83.110.108.213] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.108.213/; sid:900520491; rev:1;)
alert tcp $HOME_NET any -> [5.128.151.213] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.128.151.213/; sid:900520484; rev:1;)
alert tcp $HOME_NET any -> [187.199.129.111] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.199.129.111/; sid:900520479; rev:1;)
alert tcp $HOME_NET any -> [105.174.6.174] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.174.6.174/; sid:900520468; rev:1;)
alert tcp $HOME_NET any -> [113.193.254.82] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.193.254.82/; sid:900520469; rev:1;)
alert tcp $HOME_NET any -> [14.192.144.194] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.192.144.194/; sid:900520472; rev:1;)
alert tcp $HOME_NET any -> [197.83.236.18] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.83.236.18/; sid:900520481; rev:1;)
alert tcp $HOME_NET any -> [190.147.44.151] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.44.151/; sid:900520480; rev:1;)
alert tcp $HOME_NET any -> [58.239.33.5] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.239.33.5/; sid:900520488; rev:1;)
alert tcp $HOME_NET any -> [185.129.92.210] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.129.92.210/; sid:900520477; rev:1;)
alert tcp $HOME_NET any -> [50.31.0.160] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.31.0.160/; sid:900520486; rev:1;)
alert tcp $HOME_NET any -> [180.232.133.50] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.232.133.50/; sid:900520475; rev:1;)
alert tcp $HOME_NET any -> [103.108.204.93] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.108.204.93/; sid:900520467; rev:1;)
alert tcp $HOME_NET any -> [70.81.33.80] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.81.33.80/; sid:900520489; rev:1;)
alert tcp $HOME_NET any -> [179.53.156.88] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.53.156.88/; sid:900520476; rev:1;)
alert tcp $HOME_NET any -> [187.192.58.207] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.58.207/; sid:900520478; rev:1;)
alert tcp $HOME_NET any -> [93.107.126.157] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.107.126.157/; sid:900520493; rev:1;)
alert tcp $HOME_NET any -> [41.216.165.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.216.165.122/; sid:900520485; rev:1;)
alert tcp $HOME_NET any -> [100.42.20.148] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.42.20.148/; sid:900520466; rev:1;)
alert tcp $HOME_NET any -> [194.85.67.180] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.85.67.180/; sid:900520455; rev:1;)
alert tcp $HOME_NET any -> [201.251.43.69] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.251.43.69/; sid:900520460; rev:1;)
alert tcp $HOME_NET any -> [186.67.88.242] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.67.88.242/; sid:900520442; rev:1;)
alert tcp $HOME_NET any -> [181.171.28.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.171.28.140/; sid:900520413; rev:1;)
alert tcp $HOME_NET any -> [86.122.149.86] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.122.149.86/; sid:900520456; rev:1;)
alert tcp $HOME_NET any -> [200.24.248.194] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.24.248.194/; sid:900520426; rev:1;)
alert tcp $HOME_NET any -> [78.186.26.189] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.186.26.189/; sid:900520459; rev:1;)
alert tcp $HOME_NET any -> [200.50.177.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.50.177.218/; sid:900520427; rev:1;)
alert tcp $HOME_NET any -> [217.145.83.44] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.145.83.44/; sid:900520457; rev:1;)
alert tcp $HOME_NET any -> [105.225.161.70] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.161.70/; sid:900520409; rev:1;)
alert tcp $HOME_NET any -> [87.201.127.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.201.127.70/; sid:900520464; rev:1;)
alert tcp $HOME_NET any -> [187.247.125.144] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.247.125.144/; sid:900520417; rev:1;)
alert tcp $HOME_NET any -> [86.98.71.253] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.71.253/; sid:900520438; rev:1;)
alert tcp $HOME_NET any -> [45.224.52.174] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.224.52.174/; sid:900520462; rev:1;)
alert tcp $HOME_NET any -> [197.88.29.182] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.88.29.182/; sid:900520425; rev:1;)
alert tcp $HOME_NET any -> [59.23.248.48] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.23.248.48/; sid:900520433; rev:1;)
alert tcp $HOME_NET any -> [105.226.195.36] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.226.195.36/; sid:900520446; rev:1;)
alert tcp $HOME_NET any -> [105.184.219.102] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.219.102/; sid:900520408; rev:1;)
alert tcp $HOME_NET any -> [83.103.164.123] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.103.164.123/; sid:900520436; rev:1;)
alert tcp $HOME_NET any -> [117.197.124.51] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.197.124.51/; sid:900520447; rev:1;)
alert tcp $HOME_NET any -> [85.54.169.141] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.54.169.141/; sid:900520437; rev:1;)
alert tcp $HOME_NET any -> [220.123.35.12] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.123.35.12/; sid:900520429; rev:1;)
alert tcp $HOME_NET any -> [194.183.83.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.183.83.82/; sid:900520423; rev:1;)
alert tcp $HOME_NET any -> [189.213.205.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.213.205.70/; sid:900520418; rev:1;)
alert tcp $HOME_NET any -> [175.195.100.9] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.195.100.9/; sid:900520412; rev:1;)
alert tcp $HOME_NET any -> [173.252.33.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.252.33.186/; sid:900520411; rev:1;)
alert tcp $HOME_NET any -> [208.78.100.202] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.78.100.202/; sid:900520428; rev:1;)
alert tcp $HOME_NET any -> [45.63.17.206] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.17.206/; sid:900520432; rev:1;)
alert tcp $HOME_NET any -> [24.51.106.145] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.51.106.145/; sid:900520430; rev:1;)
alert tcp $HOME_NET any -> [196.210.47.216] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.210.47.216/; sid:900520424; rev:1;)
alert tcp $HOME_NET any -> [96.22.189.104] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.22.189.104/; sid:900520439; rev:1;)
alert tcp $HOME_NET any -> [118.175.93.254] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.175.93.254/; sid:900520410; rev:1;)
alert tcp $HOME_NET any -> [59.102.162.246] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.102.162.246/; sid:900520434; rev:1;)
alert tcp $HOME_NET any -> [212.81.22.231] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.81.22.231/; sid:900520454; rev:1;)
alert tcp $HOME_NET any -> [190.245.10.162] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.245.10.162/; sid:900520453; rev:1;)
alert tcp $HOME_NET any -> [200.86.246.50] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.86.246.50/; sid:900520450; rev:1;)
alert tcp $HOME_NET any -> [189.208.126.53] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.208.126.53/; sid:900520420; rev:1;)
alert tcp $HOME_NET any -> [190.195.169.170] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.195.169.170/; sid:900520421; rev:1;)
alert tcp $HOME_NET any -> [190.25.255.98] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.25.255.98/; sid:900520422; rev:1;)
alert tcp $HOME_NET any -> [187.137.111.0] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.111.0/; sid:900520416; rev:1;)
alert tcp $HOME_NET any -> [189.190.40.163] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.190.40.163/; sid:900520419; rev:1;)
alert tcp $HOME_NET any -> [181.54.202.80] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.54.202.80/; sid:900520414; rev:1;)
alert tcp $HOME_NET any -> [187.192.133.210] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.133.210/; sid:900520452; rev:1;)
alert tcp $HOME_NET any -> [31.193.130.187] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.193.130.187/; sid:900520431; rev:1;)
alert tcp $HOME_NET any -> [185.38.216.84] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.38.216.84/; sid:900520415; rev:1;)
alert tcp $HOME_NET any -> [72.47.248.48] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.47.248.48/; sid:900520435; rev:1;)
alert tcp $HOME_NET any -> [186.129.174.150] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.129.174.150/; sid:900520441; rev:1;)
alert tcp $HOME_NET any -> [189.250.100.248] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.250.100.248/; sid:900520406; rev:1;)
alert tcp $HOME_NET any -> [186.90.155.228] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.90.155.228/; sid:900520404; rev:1;)
alert tcp $HOME_NET any -> [189.159.119.242] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.159.119.242/; sid:900520405; rev:1;)
alert tcp $HOME_NET any -> [178.201.186.245] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.201.186.245/; sid:900520458; rev:1;)
alert tcp $HOME_NET any -> [190.146.158.142] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.158.142/; sid:900520407; rev:1;)
alert tcp $HOME_NET any -> [200.43.114.10] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.43.114.10/; sid:900520440; rev:1;)
alert tcp $HOME_NET any -> [189.129.160.167] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.129.160.167/; sid:900520443; rev:1;)
alert tcp $HOME_NET any -> [190.138.221.70] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.138.221.70/; sid:900520449; rev:1;)
alert tcp $HOME_NET any -> [190.55.123.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.55.123.250/; sid:900520463; rev:1;)
alert tcp $HOME_NET any -> [186.150.202.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.150.202.242/; sid:900520401; rev:1;)
alert tcp $HOME_NET any -> [122.176.109.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.176.109.10/; sid:900520374; rev:1;)
alert tcp $HOME_NET any -> [117.247.233.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.247.233.82/; sid:900520396; rev:1;)
alert tcp $HOME_NET any -> [183.82.112.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.112.154/; sid:900520378; rev:1;)
alert tcp $HOME_NET any -> [217.165.2.29] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.2.29/; sid:900520392; rev:1;)
alert tcp $HOME_NET any -> [186.90.227.239] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.90.227.239/; sid:900520381; rev:1;)
alert tcp $HOME_NET any -> [58.65.178.100] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.65.178.100/; sid:900520395; rev:1;)
alert tcp $HOME_NET any -> [27.96.91.73] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.96.91.73/; sid:900520394; rev:1;)
alert tcp $HOME_NET any -> [2.50.183.165] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.183.165/; sid:900520391; rev:1;)
alert tcp $HOME_NET any -> [211.248.17.209] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.248.17.209/; sid:900520400; rev:1;)
alert tcp $HOME_NET any -> [187.144.76.174] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.144.76.174/; sid:900520382; rev:1;)
alert tcp $HOME_NET any -> [196.209.233.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.209.233.234/; sid:900520390; rev:1;)
alert tcp $HOME_NET any -> [190.147.100.8] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.100.8/; sid:900520388; rev:1;)
alert tcp $HOME_NET any -> [123.136.174.52] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.136.174.52/; sid:900520373; rev:1;)
alert tcp $HOME_NET any -> [189.149.3.197] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.149.3.197/; sid:900520383; rev:1;)
alert tcp $HOME_NET any -> [115.93.16.173] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.93.16.173/; sid:900520372; rev:1;)
alert tcp $HOME_NET any -> [121.74.198.58] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.74.198.58/; sid:900520399; rev:1;)
alert tcp $HOME_NET any -> [190.109.223.50] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.109.223.50/; sid:900520387; rev:1;)
alert tcp $HOME_NET any -> [27.147.163.188] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.147.163.188/; sid:900520393; rev:1;)
alert tcp $HOME_NET any -> [147.83.156.162] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.83.156.162/; sid:900520375; rev:1;)
alert tcp $HOME_NET any -> [190.0.1.30] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.0.1.30/; sid:900520386; rev:1;)
alert tcp $HOME_NET any -> [190.94.79.239] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.94.79.239/; sid:900520389; rev:1;)
alert tcp $HOME_NET any -> [189.230.124.74] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.230.124.74/; sid:900520385; rev:1;)
alert tcp $HOME_NET any -> [186.4.165.50] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.165.50/; sid:900520380; rev:1;)
alert tcp $HOME_NET any -> [189.194.250.74] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.194.250.74/; sid:900520384; rev:1;)
alert tcp $HOME_NET any -> [183.82.120.85] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.120.85/; sid:900520379; rev:1;)
alert tcp $HOME_NET any -> [148.243.206.110] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.243.206.110/; sid:900520376; rev:1;)
alert tcp $HOME_NET any -> [181.119.30.25] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.119.30.25/; sid:900520377; rev:1;)
alert tcp $HOME_NET any -> [218.90.156.188] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.90.156.188/; sid:900520445; rev:1;)
alert tcp $HOME_NET any -> [187.163.177.194] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.177.194/; sid:900520402; rev:1;)
alert tcp $HOME_NET any -> [201.248.14.67] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.248.14.67/; sid:900520371; rev:1;)
alert tcp $HOME_NET any -> [125.130.72.105] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.130.72.105/; sid:900520369; rev:1;)
alert tcp $HOME_NET any -> [181.31.246.152] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.31.246.152/; sid:900520370; rev:1;)
alert tcp $HOME_NET any -> [116.240.3.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.240.3.27/; sid:900520368; rev:1;)
alert tcp $HOME_NET any -> [190.190.101.38] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.190.101.38/; sid:900520355; rev:1;)
alert tcp $HOME_NET any -> [31.53.229.122] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.229.122/; sid:900520362; rev:1;)
alert tcp $HOME_NET any -> [181.45.45.132] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.45.45.132/; sid:900520350; rev:1;)
alert tcp $HOME_NET any -> [181.211.11.171] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.211.11.171/; sid:900520349; rev:1;)
alert tcp $HOME_NET any -> [190.226.34.8] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.226.34.8/; sid:900520356; rev:1;)
alert tcp $HOME_NET any -> [186.15.66.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.15.66.98/; sid:900520351; rev:1;)
alert tcp $HOME_NET any -> [200.83.21.5] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.83.21.5/; sid:900520358; rev:1;)
alert tcp $HOME_NET any -> [24.53.3.10] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.53.3.10/; sid:900520361; rev:1;)
alert tcp $HOME_NET any -> [69.158.10.125] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.158.10.125/; sid:900520364; rev:1;)
alert tcp $HOME_NET any -> [24.222.22.58] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.222.22.58/; sid:900520360; rev:1;)
alert tcp $HOME_NET any -> [45.73.27.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.73.27.218/; sid:900520363; rev:1;)
alert tcp $HOME_NET any -> [95.9.248.89] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.9.248.89/; sid:900520366; rev:1;)
alert tcp $HOME_NET any -> [66.50.57.73] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.50.57.73/; sid:900520365; rev:1;)
alert tcp $HOME_NET any -> [189.225.146.180] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.225.146.180/; sid:900520354; rev:1;)
alert tcp $HOME_NET any -> [200.54.18.162] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.54.18.162/; sid:900520357; rev:1;)
alert tcp $HOME_NET any -> [190.10.220.92] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.10.220.92/; sid:900520353; rev:1;)
alert tcp $HOME_NET any -> [187.158.112.43] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.158.112.43/; sid:900520352; rev:1;)
alert tcp $HOME_NET any -> [201.245.184.16] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.245.184.16/; sid:900520451; rev:1;)
alert tcp $HOME_NET any -> [80.44.121.62] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.44.121.62/; sid:900520345; rev:1;)
alert tcp $HOME_NET any -> [45.167.12.22] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.167.12.22/; sid:900520343; rev:1;)
alert tcp $HOME_NET any -> [105.184.237.83] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.237.83/; sid:900520332; rev:1;)
alert tcp $HOME_NET any -> [78.189.173.217] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.173.217/; sid:900520344; rev:1;)
alert tcp $HOME_NET any -> [182.73.147.218] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.73.147.218/; sid:900520465; rev:1;)
alert tcp $HOME_NET any -> [105.184.106.99] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.106.99/; sid:900520331; rev:1;)
alert tcp $HOME_NET any -> [151.237.16.5] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.237.16.5/; sid:900520333; rev:1;)
alert tcp $HOME_NET any -> [178.209.71.63] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.209.71.63/; sid:900520334; rev:1;)
alert tcp $HOME_NET any -> [88.249.181.174] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.249.181.174/; sid:900520346; rev:1;)
alert tcp $HOME_NET any -> [27.109.116.48] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.109.116.48/; sid:900520342; rev:1;)
alert tcp $HOME_NET any -> [190.17.173.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.17.173.58/; sid:900520340; rev:1;)
alert tcp $HOME_NET any -> [178.92.73.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.92.73.34/; sid:900520336; rev:1;)
alert tcp $HOME_NET any -> [187.235.145.190] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.235.145.190/; sid:900520339; rev:1;)
alert tcp $HOME_NET any -> [94.59.80.100] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.80.100/; sid:900520347; rev:1;)
alert tcp $HOME_NET any -> [216.244.228.62] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.244.228.62/; sid:900520359; rev:1;)
alert tcp $HOME_NET any -> [181.164.8.8] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.8.8/; sid:900520367; rev:1;)
alert tcp $HOME_NET any -> [189.146.157.111] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.157.111/; sid:900520403; rev:1;)
alert tcp $HOME_NET any -> [189.129.134.124] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.129.134.124/; sid:900520397; rev:1;)
alert tcp $HOME_NET any -> [201.230.255.100] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.230.255.100/; sid:900520341; rev:1;)
alert tcp $HOME_NET any -> [201.235.65.61] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.235.65.61/; sid:900520314; rev:1;)
alert tcp $HOME_NET any -> [204.13.253.141] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.13.253.141/; sid:900520315; rev:1;)
alert tcp $HOME_NET any -> [189.155.150.137] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.155.150.137/; sid:900520309; rev:1;)
alert tcp $HOME_NET any -> [200.93.90.133] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.93.90.133/; sid:900520327; rev:1;)
alert tcp $HOME_NET any -> [190.52.161.1] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.52.161.1/; sid:900520322; rev:1;)
alert tcp $HOME_NET any -> [190.210.223.238] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.223.238/; sid:900520329; rev:1;)
alert tcp $HOME_NET any -> [200.68.111.81] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.68.111.81/; sid:900520313; rev:1;)
alert tcp $HOME_NET any -> [179.41.14.199] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.41.14.199/; sid:900520321; rev:1;)
alert tcp $HOME_NET any -> [190.60.225.114] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.60.225.114/; sid:900520326; rev:1;)
alert tcp $HOME_NET any -> [190.10.159.242] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.10.159.242/; sid:900520323; rev:1;)
alert tcp $HOME_NET any -> [180.92.239.110] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.92.239.110/; sid:900520307; rev:1;)
alert tcp $HOME_NET any -> [24.232.79.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.232.79.140/; sid:900520328; rev:1;)
alert tcp $HOME_NET any -> [37.187.159.59] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.159.59/; sid:900520348; rev:1;)
alert tcp $HOME_NET any -> [190.17.160.28] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.17.160.28/; sid:900520312; rev:1;)
alert tcp $HOME_NET any -> [190.167.214.75] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.167.214.75/; sid:900520311; rev:1;)
alert tcp $HOME_NET any -> [62.75.191.231] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.191.231/; sid:900520316; rev:1;)
alert tcp $HOME_NET any -> [189.244.154.169] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.244.154.169/; sid:900520310; rev:1;)
alert tcp $HOME_NET any -> [181.143.194.138] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.194.138/; sid:900520308; rev:1;)
alert tcp $HOME_NET any -> [81.130.209.250] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.130.209.250/; sid:900520320; rev:1;)
alert tcp $HOME_NET any -> [70.55.70.147] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.55.70.147/; sid:900520317; rev:1;)
alert tcp $HOME_NET any -> [190.6.24.248] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.6.24.248/; sid:900520325; rev:1;)
alert tcp $HOME_NET any -> [177.242.215.65] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.242.215.65/; sid:900520318; rev:1;)
alert tcp $HOME_NET any -> [187.207.58.148] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.58.148/; sid:900520338; rev:1;)
alert tcp $HOME_NET any -> [190.103.30.186] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.103.30.186/; sid:900520398; rev:1;)
alert tcp $HOME_NET any -> [120.63.148.9] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.63.148.9/; sid:900520448; rev:1;)
alert tcp $HOME_NET any -> [201.111.29.109] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.111.29.109/; sid:900520444; rev:1;)
alert tcp $HOME_NET any -> [183.82.34.65] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.34.65/; sid:900520330; rev:1;)
alert tcp $HOME_NET any -> [190.220.19.82] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.220.19.82/; sid:900520324; rev:1;)
alert tcp $HOME_NET any -> [169.0.47.103] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.47.103/; sid:900520319; rev:1;)
alert tcp $HOME_NET any -> [60.54.121.215] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.54.121.215/; sid:900520295; rev:1;)
alert tcp $HOME_NET any -> [210.19.41.87] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.19.41.87/; sid:900520293; rev:1;)
alert tcp $HOME_NET any -> [186.16.203.150] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.16.203.150/; sid:900520285; rev:1;)
alert tcp $HOME_NET any -> [86.98.65.187] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.65.187/; sid:900520301; rev:1;)
alert tcp $HOME_NET any -> [201.231.70.72] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.231.70.72/; sid:900520292; rev:1;)
alert tcp $HOME_NET any -> [189.163.44.44] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.163.44.44/; sid:900520289; rev:1;)
alert tcp $HOME_NET any -> [201.200.3.74] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.200.3.74/; sid:900520305; rev:1;)
alert tcp $HOME_NET any -> [181.46.46.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.46.46.49/; sid:900520303; rev:1;)
alert tcp $HOME_NET any -> [80.12.84.86] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.12.84.86/; sid:900520299; rev:1;)
alert tcp $HOME_NET any -> [181.48.239.3] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.48.239.3/; sid:900520284; rev:1;)
alert tcp $HOME_NET any -> [200.113.106.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.113.106.18/; sid:900520291; rev:1;)
alert tcp $HOME_NET any -> [81.86.206.166] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.86.206.166/; sid:900520300; rev:1;)
alert tcp $HOME_NET any -> [190.210.236.237] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.236.237/; sid:900520290; rev:1;)
alert tcp $HOME_NET any -> [78.187.52.65] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.187.52.65/; sid:900520304; rev:1;)
alert tcp $HOME_NET any -> [216.252.83.23] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.252.83.23/; sid:900520294; rev:1;)
alert tcp $HOME_NET any -> [79.127.57.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.127.57.42/; sid:900520297; rev:1;)
alert tcp $HOME_NET any -> [186.190.192.84] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.190.192.84/; sid:900520286; rev:1;)
alert tcp $HOME_NET any -> [69.163.33.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.163.33.82/; sid:900520296; rev:1;)
alert tcp $HOME_NET any -> [181.167.49.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.167.49.76/; sid:900520283; rev:1;)
alert tcp $HOME_NET any -> [189.154.188.33] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.188.33/; sid:900520288; rev:1;)
alert tcp $HOME_NET any -> [181.169.58.108] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.169.58.108/; sid:900520302; rev:1;)
alert tcp $HOME_NET any -> [154.120.231.114] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.120.231.114/; sid:900520306; rev:1;)
alert tcp $HOME_NET any -> [79.66.242.43] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.66.242.43/; sid:900520298; rev:1;)
alert tcp $HOME_NET any -> [187.163.213.124] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.213.124/; sid:900520287; rev:1;)
alert tcp $HOME_NET any -> [190.19.178.131] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.19.178.131/; sid:900520270; rev:1;)
alert tcp $HOME_NET any -> [201.183.225.39] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.183.225.39/; sid:900520267; rev:1;)
alert tcp $HOME_NET any -> [103.91.228.3] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.91.228.3/; sid:900520262; rev:1;)
alert tcp $HOME_NET any -> [186.149.140.55] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.149.140.55/; sid:900520261; rev:1;)
alert tcp $HOME_NET any -> [103.251.141.42] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.251.141.42/; sid:900520263; rev:1;)
alert tcp $HOME_NET any -> [190.44.153.169] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.44.153.169/; sid:900520265; rev:1;)
alert tcp $HOME_NET any -> [201.228.78.117] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.228.78.117/; sid:900520280; rev:1;)
alert tcp $HOME_NET any -> [91.183.108.184] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.183.108.184/; sid:900520269; rev:1;)
alert tcp $HOME_NET any -> [152.168.249.64] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.168.249.64/; sid:900520273; rev:1;)
alert tcp $HOME_NET any -> [200.6.186.36] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.6.186.36/; sid:900520274; rev:1;)
alert tcp $HOME_NET any -> [190.136.177.34] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.136.177.34/; sid:900520271; rev:1;)
alert tcp $HOME_NET any -> [190.230.171.15] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.230.171.15/; sid:900520277; rev:1;)
alert tcp $HOME_NET any -> [5.187.152.115] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.187.152.115/; sid:900520260; rev:1;)
alert tcp $HOME_NET any -> [190.138.220.6] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.138.220.6/; sid:900520272; rev:1;)
alert tcp $HOME_NET any -> [190.186.38.22] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.186.38.22/; sid:900520268; rev:1;)
alert tcp $HOME_NET any -> [189.203.177.52] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.203.177.52/; sid:900520257; rev:1;)
alert tcp $HOME_NET any -> [190.210.33.41] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.33.41/; sid:900520243; rev:1;)
alert tcp $HOME_NET any -> [64.39.179.131] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.39.179.131/; sid:900520252; rev:1;)
alert tcp $HOME_NET any -> [212.99.204.114] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.99.204.114/; sid:900520251; rev:1;)
alert tcp $HOME_NET any -> [201.231.77.11] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.231.77.11/; sid:900520250; rev:1;)
alert tcp $HOME_NET any -> [190.104.233.88] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.233.88/; sid:900520239; rev:1;)
alert tcp $HOME_NET any -> [190.147.247.215] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.247.215/; sid:900520240; rev:1;)
alert tcp $HOME_NET any -> [5.44.210.163] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.44.210.163/; sid:900520258; rev:1;)
alert tcp $HOME_NET any -> [189.163.192.252] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.163.192.252/; sid:900520236; rev:1;)
alert tcp $HOME_NET any -> [187.163.143.13] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.143.13/; sid:900520234; rev:1;)
alert tcp $HOME_NET any -> [181.39.96.86] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.96.86/; sid:900520231; rev:1;)
alert tcp $HOME_NET any -> [200.84.36.201] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.84.36.201/; sid:900520248; rev:1;)
alert tcp $HOME_NET any -> [92.11.254.135] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.11.254.135/; sid:900520254; rev:1;)
alert tcp $HOME_NET any -> [200.52.206.246] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.52.206.246/; sid:900520246; rev:1;)
alert tcp $HOME_NET any -> [190.72.254.66] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.72.254.66/; sid:900520245; rev:1;)
alert tcp $HOME_NET any -> [181.166.88.217] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.166.88.217/; sid:900520230; rev:1;)
alert tcp $HOME_NET any -> [200.68.68.153] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.68.68.153/; sid:900520247; rev:1;)
alert tcp $HOME_NET any -> [81.214.63.242] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.214.63.242/; sid:900520253; rev:1;)
alert tcp $HOME_NET any -> [189.222.109.159] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.222.109.159/; sid:900520237; rev:1;)
alert tcp $HOME_NET any -> [186.24.240.240] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.24.240.240/; sid:900520233; rev:1;)
alert tcp $HOME_NET any -> [169.0.100.48] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.100.48/; sid:900520229; rev:1;)
alert tcp $HOME_NET any -> [190.158.224.107] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.158.224.107/; sid:900520241; rev:1;)
alert tcp $HOME_NET any -> [190.171.237.189] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.237.189/; sid:900520242; rev:1;)
alert tcp $HOME_NET any -> [190.245.107.73] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.245.107.73/; sid:900520244; rev:1;)
alert tcp $HOME_NET any -> [189.149.12.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.149.12.180/; sid:900520235; rev:1;)
alert tcp $HOME_NET any -> [186.137.231.77] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.137.231.77/; sid:900520232; rev:1;)
alert tcp $HOME_NET any -> [200.127.231.105] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.127.231.105/; sid:900520249; rev:1;)
alert tcp $HOME_NET any -> [189.228.101.204] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.228.101.204/; sid:900520238; rev:1;)
alert tcp $HOME_NET any -> [139.13.93.50] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.13.93.50/; sid:900520228; rev:1;)
alert tcp $HOME_NET any -> [201.214.147.166] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.214.147.166/; sid:900520255; rev:1;)
alert tcp $HOME_NET any -> [182.191.119.91] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.191.119.91/; sid:900520224; rev:1;)
alert tcp $HOME_NET any -> [95.70.224.237] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.70.224.237/; sid:900520216; rev:1;)
alert tcp $HOME_NET any -> [88.247.76.191] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.247.76.191/; sid:900520226; rev:1;)
alert tcp $HOME_NET any -> [201.238.171.6] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.238.171.6/; sid:900520209; rev:1;)
alert tcp $HOME_NET any -> [177.240.208.251] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.240.208.251/; sid:900520222; rev:1;)
alert tcp $HOME_NET any -> [187.163.179.73] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.179.73/; sid:900520186; rev:1;)
alert tcp $HOME_NET any -> [197.211.244.219] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.211.244.219/; sid:900520157; rev:1;)
alert tcp $HOME_NET any -> [190.240.175.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.240.175.190/; sid:900520181; rev:1;)
alert tcp $HOME_NET any -> [190.146.169.53] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.169.53/; sid:900520176; rev:1;)
alert tcp $HOME_NET any -> [189.218.186.138] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.218.186.138/; sid:900520183; rev:1;)
alert tcp $HOME_NET any -> [181.230.129.137] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.230.129.137/; sid:900520161; rev:1;)
alert tcp $HOME_NET any -> [186.3.223.3] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.3.223.3/; sid:900520177; rev:1;)
alert tcp $HOME_NET any -> [187.241.18.251] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.241.18.251/; sid:900520182; rev:1;)
alert tcp $HOME_NET any -> [200.194.14.232] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.194.14.232/; sid:900520218; rev:1;)
alert tcp $HOME_NET any -> [187.163.91.104] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.91.104/; sid:900520337; rev:1;)
alert tcp $HOME_NET any -> [178.141.80.155] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.141.80.155/; sid:900520118; rev:1;)
alert tcp $HOME_NET any -> [186.101.235.14] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.101.235.14/; sid:900520123; rev:1;)
alert tcp $HOME_NET any -> [190.106.97.230] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.106.97.230/; sid:900520129; rev:1;)
alert tcp $HOME_NET any -> [188.194.63.4] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.194.63.4/; sid:900520126; rev:1;)
alert tcp $HOME_NET any -> [190.84.160.195] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.84.160.195/; sid:900520134; rev:1;)
alert tcp $HOME_NET any -> [190.131.157.113] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.131.157.113/; sid:900520130; rev:1;)
alert tcp $HOME_NET any -> [190.195.129.227] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.195.129.227/; sid:900520143; rev:1;)
alert tcp $HOME_NET any -> [117.3.39.85] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.3.39.85/; sid:900520100; rev:1;)
alert tcp $HOME_NET any -> [186.4.172.5] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.172.5/; sid:900520151; rev:1;)
alert tcp $HOME_NET any -> [220.161.178.6] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.161.178.6/; sid:900520264; rev:1;)
alert tcp $HOME_NET any -> [69.195.223.154] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.195.223.154/; sid:900520098; rev:1;)
alert tcp $HOME_NET any -> [103.9.226.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.9.226.57/; sid:900520050; rev:1;)
alert tcp $HOME_NET any -> [181.168.130.219] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.168.130.219/; sid:900520054; rev:1;)
alert tcp $HOME_NET any -> [186.170.25.122] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.170.25.122/; sid:900520081; rev:1;)
alert tcp $HOME_NET any -> [186.120.211.26] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.120.211.26/; sid:900520040; rev:1;)
alert tcp $HOME_NET any -> [186.114.143.12] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.114.143.12/; sid:900520039; rev:1;)
alert tcp $HOME_NET any -> [186.33.185.229] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.33.185.229/; sid:900520041; rev:1;)
alert tcp $HOME_NET any -> [181.60.244.166] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.60.244.166/; sid:900520038; rev:1;)
alert tcp $HOME_NET any -> [190.11.22.92] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.11.22.92/; sid:900520044; rev:1;)
alert tcp $HOME_NET any -> [78.189.21.131] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.21.131/; sid:900520063; rev:1;)
alert tcp $HOME_NET any -> [181.48.61.138] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.48.61.138/; sid:900520037; rev:1;)
alert tcp $HOME_NET any -> [201.190.150.60] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.190.150.60/; sid:900520082; rev:1;)
alert tcp $HOME_NET any -> [200.71.148.138] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.71.148.138/; sid:900520003; rev:1;)
alert tcp $HOME_NET any -> [79.78.139.74] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.78.139.74/; sid:900519980; rev:1;)
alert tcp $HOME_NET any -> [78.186.175.54] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.186.175.54/; sid:900519979; rev:1;)
alert tcp $HOME_NET any -> [81.136.148.196] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.136.148.196/; sid:900519981; rev:1;)
alert tcp $HOME_NET any -> [181.29.77.158] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.29.77.158/; sid:900519971; rev:1;)
alert tcp $HOME_NET any -> [190.210.37.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.37.122/; sid:900519976; rev:1;)
alert tcp $HOME_NET any -> [201.212.49.159] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.49.159/; sid:900519961; rev:1;)
alert tcp $HOME_NET any -> [190.104.221.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.221.186/; sid:900519956; rev:1;)
alert tcp $HOME_NET any -> [190.145.67.178] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.145.67.178/; sid:900519948; rev:1;)
alert tcp $HOME_NET any -> [203.122.236.163] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.122.236.163/; sid:900520086; rev:1;)
alert tcp $HOME_NET any -> [216.244.217.182] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.244.217.182/; sid:900520023; rev:1;)
alert tcp $HOME_NET any -> [70.45.114.92] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.45.114.92/; sid:900519952; rev:1;)
alert tcp $HOME_NET any -> [50.101.109.25] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.101.109.25/; sid:900519924; rev:1;)
alert tcp $HOME_NET any -> [190.0.28.219] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.0.28.219/; sid:900519926; rev:1;)
alert tcp $HOME_NET any -> [181.177.213.144] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.177.213.144/; sid:900520278; rev:1;)
alert tcp $HOME_NET any -> [94.70.164.109] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.70.164.109/; sid:900520282; rev:1;)
alert tcp $HOME_NET any -> [181.39.166.254] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.166.254/; sid:900520276; rev:1;)
alert tcp $HOME_NET any -> [181.143.126.170] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.126.170/; sid:900520275; rev:1;)
alert tcp $HOME_NET any -> [190.1.49.204] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.1.49.204/; sid:900520022; rev:1;)
alert tcp $HOME_NET any -> [81.143.197.4] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.143.197.4/; sid:900519891; rev:1;)
alert tcp $HOME_NET any -> [99.226.186.39] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.226.186.39/; sid:900519875; rev:1;)
alert tcp $HOME_NET any -> [200.91.50.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.91.50.2/; sid:900519886; rev:1;)
alert tcp $HOME_NET any -> [200.123.150.89] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.123.150.89/; sid:900519906; rev:1;)
alert tcp $HOME_NET any -> [209.239.4.118] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.239.4.118/; sid:900519933; rev:1;)
alert tcp $HOME_NET any -> [190.75.47.24] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.75.47.24/; sid:900520223; rev:1;)
alert tcp $HOME_NET any -> [78.187.173.144] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.187.173.144/; sid:900519801; rev:1;)
alert tcp $HOME_NET any -> [170.84.133.72] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.84.133.72/; sid:900519640; rev:1;)
alert tcp $HOME_NET any -> [85.106.1.166] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.106.1.166/; sid:900519742; rev:1;)
alert tcp $HOME_NET any -> [213.16.213.197] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.16.213.197/; sid:900519701; rev:1;)
alert tcp $HOME_NET any -> [190.220.69.69] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.220.69.69/; sid:900519678; rev:1;)
alert tcp $HOME_NET any -> [86.43.125.152] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.43.125.152/; sid:900519745; rev:1;)
alert tcp $HOME_NET any -> [181.228.204.125] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.228.204.125/; sid:900519775; rev:1;)
alert tcp $HOME_NET any -> [189.210.114.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.210.114.18/; sid:900519663; rev:1;)
alert tcp $HOME_NET any -> [200.23.18.172] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.23.18.172/; sid:900519684; rev:1;)
alert tcp $HOME_NET any -> [186.4.167.166] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.167.166/; sid:900519655; rev:1;)
alert tcp $HOME_NET any -> [120.150.236.64] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.236.64/; sid:900519629; rev:1;)
alert tcp $HOME_NET any -> [181.63.199.17] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.63.199.17/; sid:900520281; rev:1;)
alert tcp $HOME_NET any -> [181.129.130.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.130.82/; sid:900519649; rev:1;)
alert tcp $HOME_NET any -> [190.2.43.237] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.2.43.237/; sid:900519676; rev:1;)
alert tcp $HOME_NET any -> [190.8.246.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.8.246.18/; sid:900519851; rev:1;)
alert tcp $HOME_NET any -> [85.105.203.77] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.203.77/; sid:900519803; rev:1;)
alert tcp $HOME_NET any -> [190.186.42.98] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.186.42.98/; sid:900520266; rev:1;)
alert tcp $HOME_NET any -> [198.74.58.47] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.74.58.47/; sid:900519575; rev:1;)
alert tcp $HOME_NET any -> [186.146.1.36] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.146.1.36/; sid:900519653; rev:1;)
alert tcp $HOME_NET any -> [109.170.209.165] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.170.209.165/; sid:900519621; rev:1;)
alert tcp $HOME_NET any -> [81.130.191.202] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.130.191.202/; sid:900519738; rev:1;)
alert tcp $HOME_NET any -> [95.50.45.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.50.45.218/; sid:900519753; rev:1;)
alert tcp $HOME_NET any -> [41.215.127.30] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.215.127.30/; sid:900519594; rev:1;)
alert tcp $HOME_NET any -> [181.27.126.228] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.27.126.228/; sid:900519842; rev:1;)
alert tcp $HOME_NET any -> [148.69.94.166] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.69.94.166/; sid:900519837; rev:1;)
alert tcp $HOME_NET any -> [120.150.206.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.206.156/; sid:900519102; rev:1;)
alert tcp $HOME_NET any -> [39.112.243.65] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.112.243.65/; sid:900518740; rev:1;)
alert tcp $HOME_NET any -> [200.21.90.6] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.21.90.6/; sid:900518706; rev:1;)
alert tcp $HOME_NET any -> [45.123.3.54] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.123.3.54/; sid:900518658; rev:1;)
alert tcp $HOME_NET any -> [192.155.90.90] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.155.90.90/; sid:900520154; rev:1;)
alert tcp $HOME_NET any -> [165.227.213.173] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.213.173/; sid:900520256; rev:1;)
alert tcp $HOME_NET any -> [200.57.102.71] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.57.102.71/; sid:900519688; rev:1;)
alert tcp $HOME_NET any -> [210.77.89.109] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.77.89.109/; sid:900519704; rev:1;)
alert tcp $HOME_NET any -> [182.56.134.44] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.56.134.44/; sid:900519840; rev:1;)
alert tcp $HOME_NET any -> [176.88.227.26] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.88.227.26/; sid:900519647; rev:1;)
alert tcp $HOME_NET any -> [114.79.137.106] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.137.106/; sid:900519771; rev:1;)
alert tcp $HOME_NET any -> [190.92.39.2] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.92.39.2/; sid:900507285; rev:1;)
alert tcp $HOME_NET any -> [190.6.230.215] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.6.230.215/; sid:900519847; rev:1;)
alert tcp $HOME_NET any -> [81.140.49.231] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.140.49.231/; sid:900519834; rev:1;)
alert tcp $HOME_NET any -> [77.159.55.80] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.159.55.80/; sid:900519831; rev:1;)
alert tcp $HOME_NET any -> [95.141.175.240] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.141.175.240/; sid:900519752; rev:1;)
alert tcp $HOME_NET any -> [80.11.163.139] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.11.163.139/; sid:900520221; rev:1;)
alert tcp $HOME_NET any -> [49.212.135.76] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.212.135.76/; sid:900506760; rev:1;)
# END (390) entries