################################################################ # abuse.ch Feodo Tracker Suricata / Snort Ruleset # # Last updated: 2023-02-04 08:41:57 UTC # # # # Terms Of Use: https://feodotracker.abuse.ch/blocklist/ # # For questions please contact feodotracker [at] abuse.ch # ################################################################ # alert tcp $HOME_NET any -> [51.178.161.32] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.178.161.32/; sid:900505003; rev:1;) alert tcp $HOME_NET any -> [37.187.115.122] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.115.122/; sid:900505528; rev:1;) alert tcp $HOME_NET any -> [1.234.21.73] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.234.21.73/; sid:900505871; rev:1;) alert tcp $HOME_NET any -> [178.128.23.9] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.23.9/; sid:900505872; rev:1;) alert tcp $HOME_NET any -> [45.79.91.89] 9987 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.91.89/; sid:900505979; rev:1;) alert tcp $HOME_NET any -> [66.175.217.172] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.175.217.172/; sid:900506190; rev:1;) alert tcp $HOME_NET any -> [104.248.178.90] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.248.178.90/; sid:900506231; rev:1;) alert tcp $HOME_NET any -> [204.174.223.210] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.174.223.210/; sid:900506350; rev:1;) alert tcp $HOME_NET any -> [192.99.150.39] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.99.150.39/; sid:900506412; rev:1;) alert tcp $HOME_NET any -> [128.199.232.159] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.232.159/; sid:900506508; rev:1;) alert tcp $HOME_NET any -> [159.65.3.147] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.3.147/; sid:900506514; rev:1;) alert tcp $HOME_NET any -> [89.101.97.139] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.101.97.139/; sid:900506579; rev:1;) alert tcp $HOME_NET any -> [120.150.218.241] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.218.241/; sid:900506589; rev:1;) alert tcp $HOME_NET any -> [41.228.22.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.228.22.180/; sid:900506590; rev:1;) alert tcp $HOME_NET any -> [173.21.10.71] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.21.10.71/; sid:900506600; rev:1;) alert tcp $HOME_NET any -> [45.46.53.140] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.46.53.140/; sid:900506603; rev:1;) alert tcp $HOME_NET any -> [217.17.56.163] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.17.56.163/; sid:900506604; rev:1;) alert tcp $HOME_NET any -> [71.74.12.34] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.74.12.34/; sid:900506613; rev:1;) alert tcp $HOME_NET any -> [63.143.92.99] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.143.92.99/; sid:900506738; rev:1;) alert tcp $HOME_NET any -> [212.112.86.37] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.112.86.37/; sid:900506750; rev:1;) alert tcp $HOME_NET any -> [69.64.50.41] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.64.50.41/; sid:900506771; rev:1;) alert tcp $HOME_NET any -> [96.37.113.36] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.37.113.36/; sid:900506787; rev:1;) alert tcp $HOME_NET any -> [117.248.109.38] 21 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.248.109.38/; sid:900506910; rev:1;) alert tcp $HOME_NET any -> [104.248.155.133] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.248.155.133/; sid:900506952; rev:1;) alert tcp $HOME_NET any -> [95.110.160.239] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.110.160.239/; sid:900507014; rev:1;) alert tcp $HOME_NET any -> [196.44.98.190] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.44.98.190/; sid:900507065; rev:1;) alert tcp $HOME_NET any -> [198.199.70.22] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.70.22/; sid:900507094; rev:1;) alert tcp $HOME_NET any -> [87.120.254.252] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.252/; sid:900507253; rev:1;) alert tcp $HOME_NET any -> [103.109.247.10] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.109.247.10/; sid:900507312; rev:1;) alert tcp $HOME_NET any -> [198.27.67.35] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.27.67.35/; sid:900507356; rev:1;) alert tcp $HOME_NET any -> [129.232.146.250] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.232.146.250/; sid:900507375; rev:1;) alert tcp $HOME_NET any -> [144.91.122.94] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.122.94/; sid:900507519; rev:1;) alert tcp $HOME_NET any -> [24.178.196.158] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.178.196.158/; sid:900507534; rev:1;) alert tcp $HOME_NET any -> [182.191.92.203] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.191.92.203/; sid:900507550; rev:1;) alert tcp $HOME_NET any -> [31.35.28.29] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.35.28.29/; sid:900507591; rev:1;) alert tcp $HOME_NET any -> [103.124.107.109] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.124.107.109/; sid:900507639; rev:1;) alert tcp $HOME_NET any -> [103.9.36.172] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.9.36.172/; sid:900507658; rev:1;) alert tcp $HOME_NET any -> [128.199.93.156] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.93.156/; sid:900507795; rev:1;) alert tcp $HOME_NET any -> [139.196.72.155] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.196.72.155/; sid:900507799; rev:1;) alert tcp $HOME_NET any -> [142.93.76.76] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.76.76/; sid:900507858; rev:1;) alert tcp $HOME_NET any -> [66.230.104.103] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.230.104.103/; sid:900507940; rev:1;) alert tcp $HOME_NET any -> [197.89.20.13] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.20.13/; sid:900507949; rev:1;) alert tcp $HOME_NET any -> [47.23.89.60] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.89.60/; sid:900507995; rev:1;) alert tcp $HOME_NET any -> [196.203.37.215] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.203.37.215/; sid:900508012; rev:1;) alert tcp $HOME_NET any -> [24.55.67.176] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.55.67.176/; sid:900508087; rev:1;) alert tcp $HOME_NET any -> [103.75.201.2] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.75.201.2/; sid:900508121; rev:1;) alert tcp $HOME_NET any -> [172.114.160.81] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.114.160.81/; sid:900508125; rev:1;) alert tcp $HOME_NET any -> [172.114.160.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.114.160.81/; sid:900508126; rev:1;) alert tcp $HOME_NET any -> [70.46.220.114] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.46.220.114/; sid:900508132; rev:1;) alert tcp $HOME_NET any -> [47.23.89.61] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.89.61/; sid:900508156; rev:1;) alert tcp $HOME_NET any -> [148.64.96.100] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.64.96.100/; sid:900508263; rev:1;) alert tcp $HOME_NET any -> [45.76.1.145] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.1.145/; sid:900508282; rev:1;) alert tcp $HOME_NET any -> [116.125.120.88] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.125.120.88/; sid:900508291; rev:1;) alert tcp $HOME_NET any -> [172.115.177.204] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.115.177.204/; sid:900508297; rev:1;) alert tcp $HOME_NET any -> [174.69.215.101] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.69.215.101/; sid:900508298; rev:1;) alert tcp $HOME_NET any -> [202.29.239.162] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.29.239.162/; sid:900508360; rev:1;) alert tcp $HOME_NET any -> [85.104.122.231] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.122.231/; sid:900508640; rev:1;) alert tcp $HOME_NET any -> [178.62.112.199] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.62.112.199/; sid:900508734; rev:1;) alert tcp $HOME_NET any -> [165.227.166.238] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.166.238/; sid:900508905; rev:1;) alert tcp $HOME_NET any -> [167.172.248.70] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.172.248.70/; sid:900508906; rev:1;) alert tcp $HOME_NET any -> [159.89.202.34] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.89.202.34/; sid:900508916; rev:1;) alert tcp $HOME_NET any -> [23.88.117.246] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.88.117.246/; sid:900508984; rev:1;) alert tcp $HOME_NET any -> [104.244.79.94] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.244.79.94/; sid:900509134; rev:1;) alert tcp $HOME_NET any -> [103.224.241.74] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.224.241.74/; sid:900509136; rev:1;) alert tcp $HOME_NET any -> [162.243.103.246] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.243.103.246/; sid:900509159; rev:1;) alert tcp $HOME_NET any -> [203.217.140.239] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.217.140.239/; sid:900509166; rev:1;) alert tcp $HOME_NET any -> [218.38.121.17] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.38.121.17/; sid:900509168; rev:1;) alert tcp $HOME_NET any -> [165.227.153.100] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.153.100/; sid:900509177; rev:1;) alert tcp $HOME_NET any -> [138.197.68.35] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.68.35/; sid:900509205; rev:1;) alert tcp $HOME_NET any -> [198.199.70.22] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.70.22/; sid:900509229; rev:1;) alert tcp $HOME_NET any -> [172.105.226.75] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.226.75/; sid:900509271; rev:1;) alert tcp $HOME_NET any -> [46.101.234.246] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.234.246/; sid:900509307; rev:1;) alert tcp $HOME_NET any -> [81.193.30.90] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.193.30.90/; sid:900509356; rev:1;) alert tcp $HOME_NET any -> [213.239.212.5] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.239.212.5/; sid:900509449; rev:1;) alert tcp $HOME_NET any -> [174.138.33.49] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.138.33.49/; sid:900509455; rev:1;) alert tcp $HOME_NET any -> [104.168.155.143] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.155.143/; sid:900509458; rev:1;) alert tcp $HOME_NET any -> [104.248.155.133] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.248.155.133/; sid:900509459; rev:1;) alert tcp $HOME_NET any -> [146.59.151.250] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.59.151.250/; sid:900509475; rev:1;) alert tcp $HOME_NET any -> [164.90.222.65] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.222.65/; sid:900509489; rev:1;) alert tcp $HOME_NET any -> [203.217.140.239] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.217.140.239/; sid:900509498; rev:1;) alert tcp $HOME_NET any -> [1.234.21.73] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.234.21.73/; sid:900509502; rev:1;) alert tcp $HOME_NET any -> [179.158.103.236] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.158.103.236/; sid:900509640; rev:1;) alert tcp $HOME_NET any -> [146.59.116.49] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.59.116.49/; sid:900509673; rev:1;) alert tcp $HOME_NET any -> [72.88.245.71] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.88.245.71/; sid:900509698; rev:1;) alert tcp $HOME_NET any -> [66.181.164.43] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.181.164.43/; sid:900509699; rev:1;) alert tcp $HOME_NET any -> [111.125.157.230] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.125.157.230/; sid:900509746; rev:1;) alert tcp $HOME_NET any -> [144.202.15.58] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.15.58/; sid:900509754; rev:1;) alert tcp $HOME_NET any -> [115.247.12.66] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.247.12.66/; sid:900509761; rev:1;) alert tcp $HOME_NET any -> [75.71.96.226] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.71.96.226/; sid:900509806; rev:1;) alert tcp $HOME_NET any -> [58.186.75.42] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.186.75.42/; sid:900509809; rev:1;) alert tcp $HOME_NET any -> [51.83.250.153] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.250.153/; sid:900509895; rev:1;) alert tcp $HOME_NET any -> [198.2.51.242] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.2.51.242/; sid:900509902; rev:1;) alert tcp $HOME_NET any -> [186.18.210.16] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.18.210.16/; sid:900509903; rev:1;) alert tcp $HOME_NET any -> [45.230.169.132] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.230.169.132/; sid:900509917; rev:1;) alert tcp $HOME_NET any -> [54.38.136.144] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.136.144/; sid:900509934; rev:1;) alert tcp $HOME_NET any -> [163.182.177.80] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.182.177.80/; sid:900509968; rev:1;) alert tcp $HOME_NET any -> [152.170.17.136] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.170.17.136/; sid:900509977; rev:1;) alert tcp $HOME_NET any -> [216.131.22.236] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.131.22.236/; sid:900509978; rev:1;) alert tcp $HOME_NET any -> [136.232.184.134] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.232.184.134/; sid:900509993; rev:1;) alert tcp $HOME_NET any -> [146.59.116.146] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.59.116.146/; sid:900510000; rev:1;) alert tcp $HOME_NET any -> [90.165.109.4] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.165.109.4/; sid:900510013; rev:1;) alert tcp $HOME_NET any -> [98.207.190.55] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.207.190.55/; sid:900510021; rev:1;) alert tcp $HOME_NET any -> [58.247.115.126] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.247.115.126/; sid:900510029; rev:1;) alert tcp $HOME_NET any -> [24.206.27.39] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.206.27.39/; sid:900510032; rev:1;) alert tcp $HOME_NET any -> [24.9.220.167] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.9.220.167/; sid:900510035; rev:1;) alert tcp $HOME_NET any -> [64.123.103.123] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.123.103.123/; sid:900510044; rev:1;) alert tcp $HOME_NET any -> [27.109.19.90] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.109.19.90/; sid:900510073; rev:1;) alert tcp $HOME_NET any -> [103.233.103.85] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.233.103.85/; sid:900510081; rev:1;) alert tcp $HOME_NET any -> [112.141.184.246] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.141.184.246/; sid:900510084; rev:1;) alert tcp $HOME_NET any -> [109.133.67.116] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.133.67.116/; sid:900510086; rev:1;) alert tcp $HOME_NET any -> [84.35.26.14] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.35.26.14/; sid:900510092; rev:1;) alert tcp $HOME_NET any -> [74.92.243.113] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.92.243.113/; sid:900510094; rev:1;) alert tcp $HOME_NET any -> [85.241.180.94] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.241.180.94/; sid:900510107; rev:1;) alert tcp $HOME_NET any -> [87.57.13.215] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.57.13.215/; sid:900510108; rev:1;) alert tcp $HOME_NET any -> [146.59.116.196] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.59.116.196/; sid:900510111; rev:1;) alert tcp $HOME_NET any -> [50.68.204.71] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.68.204.71/; sid:900510113; rev:1;) alert tcp $HOME_NET any -> [123.3.240.16] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.3.240.16/; sid:900510115; rev:1;) alert tcp $HOME_NET any -> [50.68.204.71] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.68.204.71/; sid:900510121; rev:1;) alert tcp $HOME_NET any -> [50.68.204.71] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.68.204.71/; sid:900510124; rev:1;) alert tcp $HOME_NET any -> [24.253.221.86] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.253.221.86/; sid:900510128; rev:1;) alert tcp $HOME_NET any -> [76.125.91.160] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.125.91.160/; sid:900510129; rev:1;) alert tcp $HOME_NET any -> [88.171.156.150] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.171.156.150/; sid:900510136; rev:1;) alert tcp $HOME_NET any -> [73.88.173.113] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.88.173.113/; sid:900510138; rev:1;) alert tcp $HOME_NET any -> [49.175.72.56] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.175.72.56/; sid:900510140; rev:1;) alert tcp $HOME_NET any -> [70.64.77.115] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.64.77.115/; sid:900510142; rev:1;) alert tcp $HOME_NET any -> [66.131.25.6] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.131.25.6/; sid:900510145; rev:1;) alert tcp $HOME_NET any -> [182.162.143.56] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.162.143.56/; sid:900510147; rev:1;) alert tcp $HOME_NET any -> [186.250.48.5] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.250.48.5/; sid:900510150; rev:1;) alert tcp $HOME_NET any -> [167.172.199.165] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.172.199.165/; sid:900510152; rev:1;) alert tcp $HOME_NET any -> [187.63.160.88] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.63.160.88/; sid:900510153; rev:1;) alert tcp $HOME_NET any -> [73.165.119.20] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.165.119.20/; sid:900510156; rev:1;) alert tcp $HOME_NET any -> [174.104.184.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.104.184.149/; sid:900510160; rev:1;) alert tcp $HOME_NET any -> [62.35.100.38] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.35.100.38/; sid:900510166; rev:1;) alert tcp $HOME_NET any -> [58.162.223.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.162.223.233/; sid:900510167; rev:1;) alert tcp $HOME_NET any -> [64.127.146.153] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.127.146.153/; sid:900510174; rev:1;) alert tcp $HOME_NET any -> [50.86.217.209] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.86.217.209/; sid:900510178; rev:1;) alert tcp $HOME_NET any -> [27.254.65.114] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.254.65.114/; sid:900510179; rev:1;) alert tcp $HOME_NET any -> [159.65.3.147] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.3.147/; sid:900510181; rev:1;) alert tcp $HOME_NET any -> [108.44.207.232] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.44.207.232/; sid:900510182; rev:1;) alert tcp $HOME_NET any -> [51.75.63.234] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.63.234/; sid:900510185; rev:1;) alert tcp $HOME_NET any -> [173.32.181.236] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.32.181.236/; sid:900510191; rev:1;) alert tcp $HOME_NET any -> [68.103.242.126] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.103.242.126/; sid:900510192; rev:1;) alert tcp $HOME_NET any -> [92.239.81.124] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.239.81.124/; sid:900510193; rev:1;) alert tcp $HOME_NET any -> [92.90.101.167] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.90.101.167/; sid:900510200; rev:1;) alert tcp $HOME_NET any -> [87.220.68.51] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.220.68.51/; sid:900510203; rev:1;) alert tcp $HOME_NET any -> [75.156.125.215] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.156.125.215/; sid:900510205; rev:1;) alert tcp $HOME_NET any -> [75.99.125.238] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.99.125.238/; sid:900510206; rev:1;) alert tcp $HOME_NET any -> [84.113.121.103] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.113.121.103/; sid:900510207; rev:1;) alert tcp $HOME_NET any -> [47.34.30.133] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.34.30.133/; sid:900510211; rev:1;) alert tcp $HOME_NET any -> [91.68.227.219] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.68.227.219/; sid:900510213; rev:1;) alert tcp $HOME_NET any -> [89.115.196.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.115.196.99/; sid:900510217; rev:1;) alert tcp $HOME_NET any -> [73.36.196.11] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.36.196.11/; sid:900510219; rev:1;) alert tcp $HOME_NET any -> [75.98.154.19] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.98.154.19/; sid:900510222; rev:1;) alert tcp $HOME_NET any -> [91.169.12.198] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.169.12.198/; sid:900510223; rev:1;) alert tcp $HOME_NET any -> [86.225.214.138] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.225.214.138/; sid:900510224; rev:1;) alert tcp $HOME_NET any -> [91.165.188.74] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.165.188.74/; sid:900510229; rev:1;) alert tcp $HOME_NET any -> [80.0.74.165] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.0.74.165/; sid:900510232; rev:1;) alert tcp $HOME_NET any -> [24.4.239.157] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.4.239.157/; sid:900510236; rev:1;) alert tcp $HOME_NET any -> [174.58.146.57] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.58.146.57/; sid:900510240; rev:1;) alert tcp $HOME_NET any -> [70.181.149.227] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.181.149.227/; sid:900510241; rev:1;) alert tcp $HOME_NET any -> [75.141.227.169] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.141.227.169/; sid:900510243; rev:1;) alert tcp $HOME_NET any -> [136.244.25.165] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.244.25.165/; sid:900510244; rev:1;) alert tcp $HOME_NET any -> [139.5.239.14] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.5.239.14/; sid:900510245; rev:1;) alert tcp $HOME_NET any -> [73.223.248.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.223.248.31/; sid:900510254; rev:1;) alert tcp $HOME_NET any -> [70.66.199.12] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.66.199.12/; sid:900510257; rev:1;) alert tcp $HOME_NET any -> [24.142.218.202] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.142.218.202/; sid:900510259; rev:1;) alert tcp $HOME_NET any -> [73.29.92.128] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.29.92.128/; sid:900510262; rev:1;) alert tcp $HOME_NET any -> [184.153.132.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.153.132.82/; sid:900510264; rev:1;) alert tcp $HOME_NET any -> [67.10.175.47] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.10.175.47/; sid:900510265; rev:1;) alert tcp $HOME_NET any -> [90.104.22.28] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.104.22.28/; sid:900510266; rev:1;) alert tcp $HOME_NET any -> [85.61.165.153] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.61.165.153/; sid:900510271; rev:1;) alert tcp $HOME_NET any -> [94.63.65.146] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.63.65.146/; sid:900510273; rev:1;) alert tcp $HOME_NET any -> [76.185.166.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.185.166.168/; sid:900510281; rev:1;) alert tcp $HOME_NET any -> [98.145.23.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.145.23.67/; sid:900510286; rev:1;) alert tcp $HOME_NET any -> [173.209.185.159] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.209.185.159/; sid:900510287; rev:1;) alert tcp $HOME_NET any -> [151.237.76.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.237.76.117/; sid:900510289; rev:1;) alert tcp $HOME_NET any -> [85.59.61.52] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.59.61.52/; sid:900510291; rev:1;) alert tcp $HOME_NET any -> [54.37.131.10] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.131.10/; sid:900510293; rev:1;) alert tcp $HOME_NET any -> [66.168.180.66] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.168.180.66/; sid:900510297; rev:1;) alert tcp $HOME_NET any -> [51.83.225.143] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.225.143/; sid:900510319; rev:1;) alert tcp $HOME_NET any -> [73.60.227.230] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.60.227.230/; sid:900510324; rev:1;) alert tcp $HOME_NET any -> [115.178.55.22] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.178.55.22/; sid:900510325; rev:1;) alert tcp $HOME_NET any -> [172.105.115.71] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.115.71/; sid:900510326; rev:1;) alert tcp $HOME_NET any -> [146.59.116.242] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.59.116.242/; sid:900510330; rev:1;) alert tcp $HOME_NET any -> [138.207.238.47] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.207.238.47/; sid:900510334; rev:1;) alert tcp $HOME_NET any -> [54.37.130.24] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.130.24/; sid:900510336; rev:1;) alert tcp $HOME_NET any -> [92.27.86.48] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.27.86.48/; sid:900510338; rev:1;) alert tcp $HOME_NET any -> [92.207.132.174] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.207.132.174/; sid:900510342; rev:1;) alert tcp $HOME_NET any -> [74.66.134.24] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.66.134.24/; sid:900510345; rev:1;) alert tcp $HOME_NET any -> [213.67.255.57] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.67.255.57/; sid:900510355; rev:1;) alert tcp $HOME_NET any -> [109.11.175.42] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.11.175.42/; sid:900510359; rev:1;) alert tcp $HOME_NET any -> [75.143.236.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.143.236.149/; sid:900510366; rev:1;) alert tcp $HOME_NET any -> [176.142.207.63] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.142.207.63/; sid:900510367; rev:1;) alert tcp $HOME_NET any -> [87.65.160.87] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.65.160.87/; sid:900510372; rev:1;) alert tcp $HOME_NET any -> [69.133.162.35] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.133.162.35/; sid:900510373; rev:1;) alert tcp $HOME_NET any -> [81.229.117.95] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.229.117.95/; sid:900510374; rev:1;) alert tcp $HOME_NET any -> [68.47.128.161] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.47.128.161/; sid:900510375; rev:1;) alert tcp $HOME_NET any -> [88.126.94.4] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.126.94.4/; sid:900510377; rev:1;) alert tcp $HOME_NET any -> [37.14.229.220] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.14.229.220/; sid:900510385; rev:1;) alert tcp $HOME_NET any -> [24.228.132.224] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.228.132.224/; sid:900510391; rev:1;) alert tcp $HOME_NET any -> [199.83.165.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.83.165.233/; sid:900510395; rev:1;) alert tcp $HOME_NET any -> [80.103.77.44] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.103.77.44/; sid:900510396; rev:1;) alert tcp $HOME_NET any -> [86.45.66.141] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.45.66.141/; sid:900510400; rev:1;) alert tcp $HOME_NET any -> [92.149.205.238] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.149.205.238/; sid:900510401; rev:1;) alert tcp $HOME_NET any -> [142.161.27.232] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.161.27.232/; sid:900510404; rev:1;) alert tcp $HOME_NET any -> [92.189.214.236] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.189.214.236/; sid:900510407; rev:1;) alert tcp $HOME_NET any -> [100.16.107.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.16.107.117/; sid:900510410; rev:1;) alert tcp $HOME_NET any -> [89.129.109.27] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.129.109.27/; sid:900510411; rev:1;) alert tcp $HOME_NET any -> [93.24.192.142] 20 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.24.192.142/; sid:900510412; rev:1;) alert tcp $HOME_NET any -> [2.98.146.106] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.98.146.106/; sid:900510413; rev:1;) alert tcp $HOME_NET any -> [62.35.67.88] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.35.67.88/; sid:900510414; rev:1;) alert tcp $HOME_NET any -> [87.202.101.164] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.202.101.164/; sid:900510415; rev:1;) alert tcp $HOME_NET any -> [178.169.196.115] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.169.196.115/; sid:900510416; rev:1;) alert tcp $HOME_NET any -> [27.99.45.237] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.99.45.237/; sid:900510417; rev:1;) alert tcp $HOME_NET any -> [81.111.108.123] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.111.108.123/; sid:900510418; rev:1;) alert tcp $HOME_NET any -> [76.80.180.154] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.80.180.154/; sid:900510420; rev:1;) alert tcp $HOME_NET any -> [172.90.139.138] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.90.139.138/; sid:900510422; rev:1;) alert tcp $HOME_NET any -> [209.171.163.72] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.171.163.72/; sid:900510426; rev:1;) alert tcp $HOME_NET any -> [70.121.198.103] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.121.198.103/; sid:900510432; rev:1;) alert tcp $HOME_NET any -> [88.152.182.39] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.152.182.39/; sid:900510433; rev:1;) alert tcp $HOME_NET any -> [78.92.133.215] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.92.133.215/; sid:900510440; rev:1;) alert tcp $HOME_NET any -> [79.92.15.6] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.92.15.6/; sid:900510443; rev:1;) alert tcp $HOME_NET any -> [131.106.168.223] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.106.168.223/; sid:900510444; rev:1;) alert tcp $HOME_NET any -> [73.230.28.7] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.230.28.7/; sid:900510445; rev:1;) alert tcp $HOME_NET any -> [70.50.3.214] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.50.3.214/; sid:900510452; rev:1;) alert tcp $HOME_NET any -> [71.31.101.183] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.31.101.183/; sid:900510458; rev:1;) alert tcp $HOME_NET any -> [73.22.121.210] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.22.121.210/; sid:900510459; rev:1;) alert tcp $HOME_NET any -> [90.162.45.154] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.162.45.154/; sid:900510462; rev:1;) alert tcp $HOME_NET any -> [76.20.42.45] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.20.42.45/; sid:900510464; rev:1;) alert tcp $HOME_NET any -> [75.191.246.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.191.246.70/; sid:900510465; rev:1;) alert tcp $HOME_NET any -> [66.191.69.18] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.191.69.18/; sid:900510471; rev:1;) alert tcp $HOME_NET any -> [173.18.126.3] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.18.126.3/; sid:900510479; rev:1;) alert tcp $HOME_NET any -> [197.148.17.17] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.148.17.17/; sid:900510492; rev:1;) alert tcp $HOME_NET any -> [2.99.47.198] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.99.47.198/; sid:900510496; rev:1;) alert tcp $HOME_NET any -> [89.152.120.181] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.152.120.181/; sid:900510497; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900510498; rev:1;) alert tcp $HOME_NET any -> [83.114.60.6] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.114.60.6/; sid:900510500; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 21 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900510505; rev:1;) alert tcp $HOME_NET any -> [184.176.154.83] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.176.154.83/; sid:900510507; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 2087 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900510509; rev:1;) alert tcp $HOME_NET any -> [217.128.91.196] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.128.91.196/; sid:900510511; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900510512; rev:1;) alert tcp $HOME_NET any -> [69.119.123.159] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.119.123.159/; sid:900510513; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900510514; rev:1;) alert tcp $HOME_NET any -> [78.247.21.20] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.247.21.20/; sid:900510516; rev:1;) alert tcp $HOME_NET any -> [98.147.155.235] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.147.155.235/; sid:900510518; rev:1;) alert tcp $HOME_NET any -> [76.184.95.190] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.184.95.190/; sid:900510523; rev:1;) alert tcp $HOME_NET any -> [81.250.33.243] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.250.33.243/; sid:900510524; rev:1;) alert tcp $HOME_NET any -> [136.35.241.159] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.35.241.159/; sid:900510527; rev:1;) alert tcp $HOME_NET any -> [98.187.21.2] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.187.21.2/; sid:900510529; rev:1;) alert tcp $HOME_NET any -> [82.36.36.76] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.36.36.76/; sid:900510530; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 50001 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900510533; rev:1;) alert tcp $HOME_NET any -> [103.55.67.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.55.67.180/; sid:900510543; rev:1;) alert tcp $HOME_NET any -> [87.243.146.59] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.243.146.59/; sid:900510546; rev:1;) alert tcp $HOME_NET any -> [54.37.130.195] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.130.195/; sid:900510550; rev:1;) alert tcp $HOME_NET any -> [89.79.229.50] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.79.229.50/; sid:900510551; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 990 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900510552; rev:1;) alert tcp $HOME_NET any -> [73.161.176.218] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.161.176.218/; sid:900510553; rev:1;) alert tcp $HOME_NET any -> [184.155.91.69] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.155.91.69/; sid:900510563; rev:1;) alert tcp $HOME_NET any -> [73.155.10.79] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.155.10.79/; sid:900510566; rev:1;) alert tcp $HOME_NET any -> [213.191.164.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.191.164.70/; sid:900510569; rev:1;) alert tcp $HOME_NET any -> [72.200.109.104] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.200.109.104/; sid:900510574; rev:1;) alert tcp $HOME_NET any -> [75.158.15.211] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.158.15.211/; sid:900510577; rev:1;) alert tcp $HOME_NET any -> [188.176.170.61] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.176.170.61/; sid:900510582; rev:1;) alert tcp $HOME_NET any -> [221.161.103.6] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.161.103.6/; sid:900510583; rev:1;) alert tcp $HOME_NET any -> [83.248.199.56] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.248.199.56/; sid:900510598; rev:1;) alert tcp $HOME_NET any -> [46.162.109.183] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.162.109.183/; sid:900510599; rev:1;) alert tcp $HOME_NET any -> [70.95.236.129] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.95.236.129/; sid:900510600; rev:1;) alert tcp $HOME_NET any -> [97.93.192.2] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.93.192.2/; sid:900510601; rev:1;) alert tcp $HOME_NET any -> [77.86.98.236] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.86.98.236/; sid:900510607; rev:1;) alert tcp $HOME_NET any -> [47.203.227.114] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.203.227.114/; sid:900510617; rev:1;) alert tcp $HOME_NET any -> [193.251.52.34] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.251.52.34/; sid:900510628; rev:1;) alert tcp $HOME_NET any -> [85.7.61.22] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.7.61.22/; sid:900510644; rev:1;) alert tcp $HOME_NET any -> [93.147.235.8] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.147.235.8/; sid:900510648; rev:1;) alert tcp $HOME_NET any -> [76.100.159.250] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.100.159.250/; sid:900510649; rev:1;) alert tcp $HOME_NET any -> [100.8.168.108] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.8.168.108/; sid:900510655; rev:1;) alert tcp $HOME_NET any -> [84.219.213.130] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.219.213.130/; sid:900510657; rev:1;) alert tcp $HOME_NET any -> [103.144.201.62] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.201.62/; sid:900510661; rev:1;) alert tcp $HOME_NET any -> [90.116.219.167] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.116.219.167/; sid:900510667; rev:1;) alert tcp $HOME_NET any -> [85.152.152.46] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.152.152.46/; sid:900510668; rev:1;) alert tcp $HOME_NET any -> [72.11.161.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.11.161.70/; sid:900510669; rev:1;) alert tcp $HOME_NET any -> [83.92.85.93] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.92.85.93/; sid:900510671; rev:1;) alert tcp $HOME_NET any -> [92.186.69.229] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.186.69.229/; sid:900510673; rev:1;) alert tcp $HOME_NET any -> [176.133.4.230] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.133.4.230/; sid:900510676; rev:1;) alert tcp $HOME_NET any -> [71.46.234.171] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.46.234.171/; sid:900510680; rev:1;) alert tcp $HOME_NET any -> [117.186.222.30] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.186.222.30/; sid:900510686; rev:1;) alert tcp $HOME_NET any -> [146.59.116.25] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.59.116.25/; sid:900510693; rev:1;) alert tcp $HOME_NET any -> [70.160.80.210] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.160.80.210/; sid:900510705; rev:1;) alert tcp $HOME_NET any -> [82.11.242.219] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.11.242.219/; sid:900510711; rev:1;) alert tcp $HOME_NET any -> [185.135.120.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.135.120.81/; sid:900510730; rev:1;) alert tcp $HOME_NET any -> [54.37.131.158] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.131.158/; sid:900510733; rev:1;) alert tcp $HOME_NET any -> [85.245.221.87] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.245.221.87/; sid:900510741; rev:1;) alert tcp $HOME_NET any -> [31.167.254.199] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.167.254.199/; sid:900510752; rev:1;) alert tcp $HOME_NET any -> [70.77.116.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.77.116.233/; sid:900510757; rev:1;) alert tcp $HOME_NET any -> [81.248.77.37] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.248.77.37/; sid:900510758; rev:1;) alert tcp $HOME_NET any -> [162.248.14.107] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.248.14.107/; sid:900510760; rev:1;) alert tcp $HOME_NET any -> [74.93.148.97] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.93.148.97/; sid:900510761; rev:1;) alert tcp $HOME_NET any -> [85.231.105.49] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.231.105.49/; sid:900510764; rev:1;) alert tcp $HOME_NET any -> [146.59.116.185] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.59.116.185/; sid:900510776; rev:1;) alert tcp $HOME_NET any -> [84.215.202.22] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.215.202.22/; sid:900510797; rev:1;) alert tcp $HOME_NET any -> [184.68.116.146] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.68.116.146/; sid:900510810; rev:1;) alert tcp $HOME_NET any -> [24.71.120.191] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.71.120.191/; sid:900510811; rev:1;) alert tcp $HOME_NET any -> [46.10.198.106] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.10.198.106/; sid:900510815; rev:1;) alert tcp $HOME_NET any -> [184.68.116.146] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.68.116.146/; sid:900510817; rev:1;) alert tcp $HOME_NET any -> [92.154.17.149] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.154.17.149/; sid:900510819; rev:1;) alert tcp $HOME_NET any -> [94.30.98.134] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.30.98.134/; sid:900510820; rev:1;) alert tcp $HOME_NET any -> [193.32.212.114] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.32.212.114/; sid:900510821; rev:1;) alert tcp $HOME_NET any -> [184.68.116.146] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.68.116.146/; sid:900510829; rev:1;) alert tcp $HOME_NET any -> [184.68.116.146] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.68.116.146/; sid:900510830; rev:1;) alert tcp $HOME_NET any -> [83.213.192.136] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.213.192.136/; sid:900510831; rev:1;) alert tcp $HOME_NET any -> [67.61.71.201] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.61.71.201/; sid:900510833; rev:1;) alert tcp $HOME_NET any -> [150.107.231.59] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.107.231.59/; sid:900510840; rev:1;) alert tcp $HOME_NET any -> [72.133.240.122] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.133.240.122/; sid:900510843; rev:1;) alert tcp $HOME_NET any -> [208.180.17.32] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.180.17.32/; sid:900510845; rev:1;) alert tcp $HOME_NET any -> [184.189.41.80] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.189.41.80/; sid:900510846; rev:1;) alert tcp $HOME_NET any -> [184.68.116.146] 50010 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.68.116.146/; sid:900510849; rev:1;) alert tcp $HOME_NET any -> [74.83.128.70] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.83.128.70/; sid:900510854; rev:1;) alert tcp $HOME_NET any -> [72.80.7.6] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.80.7.6/; sid:900510855; rev:1;) alert tcp $HOME_NET any -> [69.159.156.133] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.159.156.133/; sid:900510863; rev:1;) alert tcp $HOME_NET any -> [66.90.198.204] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.90.198.204/; sid:900510869; rev:1;) alert tcp $HOME_NET any -> [100.36.249.75] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.36.249.75/; sid:900510875; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 20 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900510880; rev:1;) alert tcp $HOME_NET any -> [87.221.154.65] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.221.154.65/; sid:900510885; rev:1;) alert tcp $HOME_NET any -> [60.254.51.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.254.51.168/; sid:900510889; rev:1;) alert tcp $HOME_NET any -> [79.77.142.22] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.77.142.22/; sid:900510890; rev:1;) alert tcp $HOME_NET any -> [172.248.42.122] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.248.42.122/; sid:900510895; rev:1;) alert tcp $HOME_NET any -> [47.149.137.40] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.149.137.40/; sid:900510898; rev:1;) alert tcp $HOME_NET any -> [92.145.203.167] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.145.203.167/; sid:900510902; rev:1;) alert tcp $HOME_NET any -> [92.154.45.81] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.154.45.81/; sid:900510904; rev:1;) alert tcp $HOME_NET any -> [103.141.50.151] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.141.50.151/; sid:900510905; rev:1;) alert tcp $HOME_NET any -> [93.147.134.85] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.147.134.85/; sid:900510909; rev:1;) alert tcp $HOME_NET any -> [78.193.176.97] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.193.176.97/; sid:900510910; rev:1;) alert tcp $HOME_NET any -> [186.64.67.55] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.55/; sid:900510916; rev:1;) alert tcp $HOME_NET any -> [181.118.206.65] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.206.65/; sid:900510918; rev:1;) alert tcp $HOME_NET any -> [217.128.200.114] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.128.200.114/; sid:900510923; rev:1;) alert tcp $HOME_NET any -> [198.98.51.235] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.51.235/; sid:900510924; rev:1;) alert tcp $HOME_NET any -> [45.141.58.139] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.141.58.139/; sid:900510929; rev:1;) alert tcp $HOME_NET any -> [37.15.128.31] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.15.128.31/; sid:900510933; rev:1;) alert tcp $HOME_NET any -> [90.78.138.217] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.78.138.217/; sid:900510938; rev:1;) alert tcp $HOME_NET any -> [76.170.252.153] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.170.252.153/; sid:900510939; rev:1;) alert tcp $HOME_NET any -> [74.33.196.114] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.33.196.114/; sid:900510940; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900510941; rev:1;) alert tcp $HOME_NET any -> [216.36.153.248] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.36.153.248/; sid:900510942; rev:1;) alert tcp $HOME_NET any -> [73.214.105.238] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.214.105.238/; sid:900510944; rev:1;) alert tcp $HOME_NET any -> [171.97.42.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.97.42.82/; sid:900510954; rev:1;) alert tcp $HOME_NET any -> [103.212.19.254] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.212.19.254/; sid:900510956; rev:1;) alert tcp $HOME_NET any -> [103.42.86.42] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.42.86.42/; sid:900510958; rev:1;) alert tcp $HOME_NET any -> [90.27.44.76] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.27.44.76/; sid:900510959; rev:1;) alert tcp $HOME_NET any -> [86.195.14.72] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.195.14.72/; sid:900510965; rev:1;) alert tcp $HOME_NET any -> [206.166.209.170] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.166.209.170/; sid:900510966; rev:1;) alert tcp $HOME_NET any -> [96.255.66.51] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.255.66.51/; sid:900510968; rev:1;) alert tcp $HOME_NET any -> [69.165.145.141] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.165.145.141/; sid:900510970; rev:1;) alert tcp $HOME_NET any -> [65.95.85.172] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.95.85.172/; sid:900510972; rev:1;) alert tcp $HOME_NET any -> [92.8.187.85] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.8.187.85/; sid:900510973; rev:1;) alert tcp $HOME_NET any -> [80.98.132.66] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.98.132.66/; sid:900510981; rev:1;) alert tcp $HOME_NET any -> [27.0.48.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.0.48.233/; sid:900510985; rev:1;) alert tcp $HOME_NET any -> [202.142.98.62] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.142.98.62/; sid:900510986; rev:1;) alert tcp $HOME_NET any -> [176.177.136.35] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.177.136.35/; sid:900510987; rev:1;) alert tcp $HOME_NET any -> [89.203.252.238] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.203.252.238/; sid:900510991; rev:1;) alert tcp $HOME_NET any -> [201.137.206.40] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.206.40/; sid:900510992; rev:1;) alert tcp $HOME_NET any -> [91.254.132.23] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.254.132.23/; sid:900510993; rev:1;) alert tcp $HOME_NET any -> [181.4.227.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.4.227.82/; sid:900510995; rev:1;) alert tcp $HOME_NET any -> [24.69.84.237] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.69.84.237/; sid:900510996; rev:1;) alert tcp $HOME_NET any -> [67.253.226.137] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.253.226.137/; sid:900510998; rev:1;) alert tcp $HOME_NET any -> [50.67.17.92] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.67.17.92/; sid:900510999; rev:1;) alert tcp $HOME_NET any -> [95.23.15.84] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.23.15.84/; sid:900511000; rev:1;) alert tcp $HOME_NET any -> [71.112.212.166] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.112.212.166/; sid:900511002; rev:1;) alert tcp $HOME_NET any -> [149.74.159.67] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.74.159.67/; sid:900511003; rev:1;) alert tcp $HOME_NET any -> [173.178.151.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.178.151.233/; sid:900511004; rev:1;) alert tcp $HOME_NET any -> [2.82.10.152] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.82.10.152/; sid:900511005; rev:1;) alert tcp $HOME_NET any -> [125.20.112.94] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.20.112.94/; sid:900511007; rev:1;) alert tcp $HOME_NET any -> [201.244.108.183] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.244.108.183/; sid:900511008; rev:1;) alert tcp $HOME_NET any -> [190.35.44.194] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.35.44.194/; sid:900511013; rev:1;) alert tcp $HOME_NET any -> [92.148.54.239] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.148.54.239/; sid:900511015; rev:1;) alert tcp $HOME_NET any -> [124.171.159.71] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.171.159.71/; sid:900511016; rev:1;) alert tcp $HOME_NET any -> [59.28.84.65] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.28.84.65/; sid:900511017; rev:1;) alert tcp $HOME_NET any -> [189.222.74.224] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.222.74.224/; sid:900511020; rev:1;) alert tcp $HOME_NET any -> [178.153.3.212] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.153.3.212/; sid:900511023; rev:1;) alert tcp $HOME_NET any -> [202.142.98.62] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.142.98.62/; sid:900511025; rev:1;) alert tcp $HOME_NET any -> [82.31.37.241] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.31.37.241/; sid:900511027; rev:1;) alert tcp $HOME_NET any -> [103.195.16.175] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.195.16.175/; sid:900511028; rev:1;) alert tcp $HOME_NET any -> [31.120.202.209] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.120.202.209/; sid:900511031; rev:1;) alert tcp $HOME_NET any -> [173.76.49.61] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.76.49.61/; sid:900511035; rev:1;) alert tcp $HOME_NET any -> [86.134.75.5] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.134.75.5/; sid:900511038; rev:1;) alert tcp $HOME_NET any -> [27.0.48.205] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.0.48.205/; sid:900511041; rev:1;) alert tcp $HOME_NET any -> [183.87.163.165] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.87.163.165/; sid:900511043; rev:1;) alert tcp $HOME_NET any -> [75.115.14.189] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.115.14.189/; sid:900511048; rev:1;) alert tcp $HOME_NET any -> [86.178.217.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.178.217.180/; sid:900511049; rev:1;) alert tcp $HOME_NET any -> [24.130.149.95] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.130.149.95/; sid:900511051; rev:1;) alert tcp $HOME_NET any -> [46.24.136.17] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.24.136.17/; sid:900511052; rev:1;) alert tcp $HOME_NET any -> [86.160.217.36] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.160.217.36/; sid:900511054; rev:1;) alert tcp $HOME_NET any -> [121.121.100.88] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.121.100.88/; sid:900511055; rev:1;) alert tcp $HOME_NET any -> [213.31.90.183] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.31.90.183/; sid:900511056; rev:1;) alert tcp $HOME_NET any -> [103.252.7.228] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.252.7.228/; sid:900511061; rev:1;) alert tcp $HOME_NET any -> [93.156.96.104] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.156.96.104/; sid:900511062; rev:1;) alert tcp $HOME_NET any -> [85.85.34.201] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.85.34.201/; sid:900511063; rev:1;) alert tcp $HOME_NET any -> [193.253.100.236] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.253.100.236/; sid:900511065; rev:1;) alert tcp $HOME_NET any -> [74.214.61.68] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.214.61.68/; sid:900511066; rev:1;) alert tcp $HOME_NET any -> [192.111.146.189] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.111.146.189/; sid:900511067; rev:1;) alert tcp $HOME_NET any -> [86.139.213.115] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.139.213.115/; sid:900511068; rev:1;) alert tcp $HOME_NET any -> [84.219.213.130] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.219.213.130/; sid:900511069; rev:1;) alert tcp $HOME_NET any -> [201.210.79.16] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.210.79.16/; sid:900511070; rev:1;) alert tcp $HOME_NET any -> [114.79.144.210] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.144.210/; sid:900511073; rev:1;) alert tcp $HOME_NET any -> [108.62.118.219] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.62.118.219/; sid:900511078; rev:1;) alert tcp $HOME_NET any -> [74.83.128.70] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.83.128.70/; sid:900511079; rev:1;) alert tcp $HOME_NET any -> [91.171.148.162] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.171.148.162/; sid:900511080; rev:1;) alert tcp $HOME_NET any -> [90.75.188.155] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.75.188.155/; sid:900511081; rev:1;) alert tcp $HOME_NET any -> [72.80.7.6] 50003 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.80.7.6/; sid:900511082; rev:1;) alert tcp $HOME_NET any -> [23.108.57.250] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.108.57.250/; sid:900511083; rev:1;) alert tcp $HOME_NET any -> [108.62.118.235] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.62.118.235/; sid:900511085; rev:1;) alert tcp $HOME_NET any -> [51.186.2.140] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.186.2.140/; sid:900511086; rev:1;) alert tcp $HOME_NET any -> [104.219.233.101] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.219.233.101/; sid:900511087; rev:1;) alert tcp $HOME_NET any -> [149.3.170.179] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.3.170.179/; sid:900511088; rev:1;) alert tcp $HOME_NET any -> [145.239.135.16] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.135.16/; sid:900511089; rev:1;) alert tcp $HOME_NET any -> [198.98.51.250] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.51.250/; sid:900511090; rev:1;) alert tcp $HOME_NET any -> [199.195.249.106] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.195.249.106/; sid:900511091; rev:1;) alert tcp $HOME_NET any -> [91.245.254.107] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.245.254.107/; sid:900511092; rev:1;) alert tcp $HOME_NET any -> [206.189.28.199] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.189.28.199/; sid:900511093; rev:1;) alert tcp $HOME_NET any -> [51.68.46.188] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.46.188/; sid:900511094; rev:1;) alert tcp $HOME_NET any -> [142.93.76.76] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.76.76/; sid:900511095; rev:1;) alert tcp $HOME_NET any -> [165.227.211.222] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.211.222/; sid:900511096; rev:1;) alert tcp $HOME_NET any -> [103.123.45.141] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.123.45.141/; sid:900511097; rev:1;) alert tcp $HOME_NET any -> [143.110.188.74] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.110.188.74/; sid:900511098; rev:1;) alert tcp $HOME_NET any -> [89.44.9.204] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.44.9.204/; sid:900511099; rev:1;) alert tcp $HOME_NET any -> [192.198.82.51] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.198.82.51/; sid:900511100; rev:1;) alert tcp $HOME_NET any -> [51.83.252.171] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.252.171/; sid:900511101; rev:1;) alert tcp $HOME_NET any -> [142.11.194.198] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.194.198/; sid:900511102; rev:1;) alert tcp $HOME_NET any -> [146.19.173.141] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.141/; sid:900511103; rev:1;) alert tcp $HOME_NET any -> [82.15.58.109] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.15.58.109/; sid:900511104; rev:1;) alert tcp $HOME_NET any -> [87.10.205.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.10.205.117/; sid:900511105; rev:1;) alert tcp $HOME_NET any -> [87.56.238.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.56.238.53/; sid:900511106; rev:1;) alert tcp $HOME_NET any -> [92.8.190.175] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.8.190.175/; sid:900511107; rev:1;) alert tcp $HOME_NET any -> [121.121.100.207] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.121.100.207/; sid:900511108; rev:1;) alert tcp $HOME_NET any -> [69.159.158.183] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.159.158.183/; sid:900511109; rev:1;) alert tcp $HOME_NET any -> [130.43.172.217] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.43.172.217/; sid:900511110; rev:1;) alert tcp $HOME_NET any -> [206.188.201.143] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.188.201.143/; sid:900511111; rev:1;) alert tcp $HOME_NET any -> [98.175.176.254] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.175.176.254/; sid:900511112; rev:1;) alert tcp $HOME_NET any -> [87.221.197.113] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.221.197.113/; sid:900511113; rev:1;) alert tcp $HOME_NET any -> [200.109.207.186] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.109.207.186/; sid:900511114; rev:1;) alert tcp $HOME_NET any -> [87.223.87.126] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.223.87.126/; sid:900511115; rev:1;) alert tcp $HOME_NET any -> [47.21.51.138] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.21.51.138/; sid:900511116; rev:1;) alert tcp $HOME_NET any -> [82.121.195.187] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.121.195.187/; sid:900511117; rev:1;) alert tcp $HOME_NET any -> [86.130.9.182] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.182/; sid:900511118; rev:1;) alert tcp $HOME_NET any -> [181.118.183.2] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.2/; sid:900511119; rev:1;) alert tcp $HOME_NET any -> [91.231.173.199] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.231.173.199/; sid:900511120; rev:1;) alert tcp $HOME_NET any -> [175.139.129.94] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.139.129.94/; sid:900511121; rev:1;) alert tcp $HOME_NET any -> [86.96.72.139] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.96.72.139/; sid:900511122; rev:1;) alert tcp $HOME_NET any -> [151.65.168.222] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.65.168.222/; sid:900511123; rev:1;) alert tcp $HOME_NET any -> [86.194.156.14] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.194.156.14/; sid:900511124; rev:1;) alert tcp $HOME_NET any -> [47.61.70.188] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.61.70.188/; sid:900511125; rev:1;) alert tcp $HOME_NET any -> [176.202.38.188] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.202.38.188/; sid:900511126; rev:1;) alert tcp $HOME_NET any -> [31.53.29.161] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.29.161/; sid:900511127; rev:1;) alert tcp $HOME_NET any -> [119.82.122.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.82.122.226/; sid:900511128; rev:1;) alert tcp $HOME_NET any -> [5.163.163.51] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.163.163.51/; sid:900511129; rev:1;) alert tcp $HOME_NET any -> [102.156.154.112] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.154.112/; sid:900511130; rev:1;) alert tcp $HOME_NET any -> [156.217.247.173] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.217.247.173/; sid:900511131; rev:1;) alert tcp $HOME_NET any -> [107.146.12.26] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.146.12.26/; sid:900511132; rev:1;) alert tcp $HOME_NET any -> [192.111.146.181] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.111.146.181/; sid:900511133; rev:1;) alert tcp $HOME_NET any -> [192.236.161.50] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.161.50/; sid:900511134; rev:1;) alert tcp $HOME_NET any -> [86.151.21.134] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.151.21.134/; sid:900511135; rev:1;) alert tcp $HOME_NET any -> [86.207.227.152] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.207.227.152/; sid:900511136; rev:1;) alert tcp $HOME_NET any -> [103.42.86.246] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.42.86.246/; sid:900511137; rev:1;) alert tcp $HOME_NET any -> [114.143.176.234] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.143.176.234/; sid:900511138; rev:1;) alert tcp $HOME_NET any -> [171.97.42.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.97.42.67/; sid:900511139; rev:1;) alert tcp $HOME_NET any -> [109.159.119.95] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.159.119.95/; sid:900511140; rev:1;) alert tcp $HOME_NET any -> [45.61.187.123] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.61.187.123/; sid:900511141; rev:1;) alert tcp $HOME_NET any -> [198.98.48.231] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.48.231/; sid:900511142; rev:1;) alert tcp $HOME_NET any -> [62.113.238.72] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.113.238.72/; sid:900511143; rev:1;) alert tcp $HOME_NET any -> [95.94.41.77] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.94.41.77/; sid:900511144; rev:1;) alert tcp $HOME_NET any -> [91.82.5.101] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.82.5.101/; sid:900511145; rev:1;) alert tcp $HOME_NET any -> [50.60.157.175] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.60.157.175/; sid:900511146; rev:1;) alert tcp $HOME_NET any -> [24.64.112.40] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.64.112.40/; sid:900511147; rev:1;) alert tcp $HOME_NET any -> [105.186.138.165] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.138.165/; sid:900511148; rev:1;) alert tcp $HOME_NET any -> [116.72.250.18] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.72.250.18/; sid:900511149; rev:1;) alert tcp $HOME_NET any -> [143.159.167.231] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.159.167.231/; sid:900511150; rev:1;) alert tcp $HOME_NET any -> [92.136.182.108] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.136.182.108/; sid:900511151; rev:1;) alert tcp $HOME_NET any -> [81.151.102.224] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.151.102.224/; sid:900511152; rev:1;) alert tcp $HOME_NET any -> [76.93.147.187] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.93.147.187/; sid:900511153; rev:1;) alert tcp $HOME_NET any -> [79.9.64.37] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.9.64.37/; sid:900511154; rev:1;) alert tcp $HOME_NET any -> [24.64.112.40] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.64.112.40/; sid:900511155; rev:1;) alert tcp $HOME_NET any -> [93.238.63.3] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.238.63.3/; sid:900511156; rev:1;) alert tcp $HOME_NET any -> [47.196.203.73] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.196.203.73/; sid:900511157; rev:1;) alert tcp $HOME_NET any -> [68.150.18.161] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.150.18.161/; sid:900511158; rev:1;) alert tcp $HOME_NET any -> [102.158.37.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.158.37.226/; sid:900511159; rev:1;) alert tcp $HOME_NET any -> [103.144.201.53] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.201.53/; sid:900511160; rev:1;) alert tcp $HOME_NET any -> [190.199.188.186] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.199.188.186/; sid:900511161; rev:1;) alert tcp $HOME_NET any -> [156.217.208.137] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.217.208.137/; sid:900511162; rev:1;) alert tcp $HOME_NET any -> [93.156.100.20] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.156.100.20/; sid:900511163; rev:1;) alert tcp $HOME_NET any -> [50.68.186.195] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.68.186.195/; sid:900511164; rev:1;) alert tcp $HOME_NET any -> [102.158.206.194] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.158.206.194/; sid:900511165; rev:1;) alert tcp $HOME_NET any -> [108.2.111.66] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.2.111.66/; sid:900511166; rev:1;) alert tcp $HOME_NET any -> [45.84.240.87] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.84.240.87/; sid:900511167; rev:1;) alert tcp $HOME_NET any -> [83.202.26.241] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.202.26.241/; sid:900511168; rev:1;) alert tcp $HOME_NET any -> [86.250.12.217] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.250.12.217/; sid:900511169; rev:1;) alert tcp $HOME_NET any -> [86.196.12.21] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.196.12.21/; sid:900511170; rev:1;) alert tcp $HOME_NET any -> [24.123.211.131] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.123.211.131/; sid:900511171; rev:1;) alert tcp $HOME_NET any -> [103.12.133.134] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.12.133.134/; sid:900511172; rev:1;) alert tcp $HOME_NET any -> [190.249.231.121] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.249.231.121/; sid:900511173; rev:1;) alert tcp $HOME_NET any -> [161.142.104.187] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.104.187/; sid:900511174; rev:1;) alert tcp $HOME_NET any -> [84.108.200.161] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.108.200.161/; sid:900511175; rev:1;) alert tcp $HOME_NET any -> [88.169.33.180] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.169.33.180/; sid:900511176; rev:1;) alert tcp $HOME_NET any -> [94.70.92.137] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.70.92.137/; sid:900511177; rev:1;) alert tcp $HOME_NET any -> [86.165.225.227] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.165.225.227/; sid:900511178; rev:1;) alert tcp $HOME_NET any -> [109.159.118.60] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.159.118.60/; sid:900511179; rev:1;) alert tcp $HOME_NET any -> [104.35.24.154] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.35.24.154/; sid:900511180; rev:1;) alert tcp $HOME_NET any -> [197.14.77.92] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.14.77.92/; sid:900511181; rev:1;) alert tcp $HOME_NET any -> [190.191.35.122] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.191.35.122/; sid:900511182; rev:1;) alert tcp $HOME_NET any -> [202.186.177.88] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.186.177.88/; sid:900511183; rev:1;) alert tcp $HOME_NET any -> [91.170.115.68] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.170.115.68/; sid:900511184; rev:1;) alert tcp $HOME_NET any -> [92.11.194.53] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.11.194.53/; sid:900511185; rev:1;) alert tcp $HOME_NET any -> [88.126.112.14] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.126.112.14/; sid:900511186; rev:1;) alert tcp $HOME_NET any -> [45.50.233.214] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.50.233.214/; sid:900511187; rev:1;) alert tcp $HOME_NET any -> [142.119.127.214] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.119.127.214/; sid:900511188; rev:1;) alert tcp $HOME_NET any -> [217.165.235.126] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.235.126/; sid:900511189; rev:1;) alert tcp $HOME_NET any -> [23.251.92.57] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.251.92.57/; sid:900511190; rev:1;) alert tcp $HOME_NET any -> [24.64.112.40] 50010 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.64.112.40/; sid:900511191; rev:1;) alert tcp $HOME_NET any -> [86.172.79.135] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.172.79.135/; sid:900511192; rev:1;) alert tcp $HOME_NET any -> [49.245.127.223] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.245.127.223/; sid:900511193; rev:1;) alert tcp $HOME_NET any -> [82.127.204.82] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.127.204.82/; sid:900511194; rev:1;) alert tcp $HOME_NET any -> [78.130.215.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.130.215.67/; sid:900511195; rev:1;) alert tcp $HOME_NET any -> [97.116.78.96] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.116.78.96/; sid:900511196; rev:1;) alert tcp $HOME_NET any -> [64.237.207.9] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.237.207.9/; sid:900511197; rev:1;) alert tcp $HOME_NET any -> [194.166.90.227] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.166.90.227/; sid:900511198; rev:1;) alert tcp $HOME_NET any -> [183.82.112.209] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.112.209/; sid:900511199; rev:1;) alert tcp $HOME_NET any -> [189.222.55.8] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.222.55.8/; sid:900511200; rev:1;) alert tcp $HOME_NET any -> [86.161.143.7] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.161.143.7/; sid:900511201; rev:1;) alert tcp $HOME_NET any -> [72.188.121.121] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.188.121.121/; sid:900511202; rev:1;) alert tcp $HOME_NET any -> [103.169.83.89] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.169.83.89/; sid:900511203; rev:1;) alert tcp $HOME_NET any -> [99.254.167.145] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.254.167.145/; sid:900511204; rev:1;) alert tcp $HOME_NET any -> [105.99.105.0] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.99.105.0/; sid:900511205; rev:1;) alert tcp $HOME_NET any -> [51.75.63.193] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.63.193/; sid:900511206; rev:1;) alert tcp $HOME_NET any -> [209.142.97.83] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.142.97.83/; sid:900511207; rev:1;) alert tcp $HOME_NET any -> [76.64.202.88] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.64.202.88/; sid:900511208; rev:1;) alert tcp $HOME_NET any -> [90.78.51.182] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.78.51.182/; sid:900511209; rev:1;) alert tcp $HOME_NET any -> [180.158.187.35] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.158.187.35/; sid:900511210; rev:1;) alert tcp $HOME_NET any -> [125.99.69.178] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.99.69.178/; sid:900511211; rev:1;) alert tcp $HOME_NET any -> [78.16.206.181] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.16.206.181/; sid:900511213; rev:1;) alert tcp $HOME_NET any -> [182.180.105.242] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.180.105.242/; sid:900511214; rev:1;) alert tcp $HOME_NET any -> [86.130.9.197] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.197/; sid:900511215; rev:1;) alert tcp $HOME_NET any -> [14.202.223.107] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.202.223.107/; sid:900511216; rev:1;) alert tcp $HOME_NET any -> [102.156.32.143] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.32.143/; sid:900511217; rev:1;) alert tcp $HOME_NET any -> [71.52.53.166] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.52.53.166/; sid:900511218; rev:1;) alert tcp $HOME_NET any -> [208.187.122.74] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.187.122.74/; sid:900511219; rev:1;) alert tcp $HOME_NET any -> [24.64.112.40] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.64.112.40/; sid:900511220; rev:1;) alert tcp $HOME_NET any -> [142.11.213.56] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.213.56/; sid:900511221; rev:1;) alert tcp $HOME_NET any -> [62.113.238.73] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.113.238.73/; sid:900511222; rev:1;) alert tcp $HOME_NET any -> [195.20.17.233] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.20.17.233/; sid:900511223; rev:1;) alert tcp $HOME_NET any -> [109.149.147.148] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.149.147.148/; sid:900511224; rev:1;) alert tcp $HOME_NET any -> [197.204.236.174] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.204.236.174/; sid:900511225; rev:1;) alert tcp $HOME_NET any -> [217.165.186.116] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.186.116/; sid:900511226; rev:1;) alert tcp $HOME_NET any -> [2.14.144.105] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.14.144.105/; sid:900511227; rev:1;) alert tcp $HOME_NET any -> [145.239.30.242] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.30.242/; sid:900511228; rev:1;) alert tcp $HOME_NET any -> [83.7.52.16] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.7.52.16/; sid:900511229; rev:1;) # END 553 entries