################################################################ # abuse.ch Feodo Tracker Suricata / Snort Ruleset (Aggresive) # # Last updated: 2024-08-23 12:01:06 UTC # # # # Terms Of Use: https://feodotracker.abuse.ch/blocklist/ # # For questions please contact feodotracker [at] abuse.ch # ################################################################ # alert tcp $HOME_NET any -> [67.213.75.205] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.213.75.205/; sid:900605001; rev:1;) alert tcp $HOME_NET any -> [192.73.238.101] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.73.238.101/; sid:900605002; rev:1;) alert tcp $HOME_NET any -> [51.178.161.32] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.178.161.32/; sid:900605003; rev:1;) alert tcp $HOME_NET any -> [194.58.98.196] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.58.98.196/; sid:900605004; rev:1;) alert tcp $HOME_NET any -> [142.4.6.57] 14043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.4.6.57/; sid:900605005; rev:1;) alert tcp $HOME_NET any -> [64.225.35.35] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/64.225.35.35/; sid:900605006; rev:1;) alert tcp $HOME_NET any -> [195.159.28.230] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.159.28.230/; sid:900605007; rev:1;) alert tcp $HOME_NET any -> [93.186.200.154] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.186.200.154/; sid:900605009; rev:1;) alert tcp $HOME_NET any -> [162.144.127.197] 3786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.127.197/; sid:900605010; rev:1;) alert tcp $HOME_NET any -> [103.61.101.11] 449 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.61.101.11/; sid:900605011; rev:1;) alert tcp $HOME_NET any -> [5.9.178.143] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.9.178.143/; sid:900605012; rev:1;) alert tcp $HOME_NET any -> [37.139.2.140] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.139.2.140/; sid:900605013; rev:1;) alert tcp $HOME_NET any -> [49.212.179.180] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/49.212.179.180/; sid:900605014; rev:1;) alert tcp $HOME_NET any -> [23.160.192.125] 447 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.192.125/; sid:900605016; rev:1;) alert tcp $HOME_NET any -> [195.231.69.151] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.231.69.151/; sid:900605018; rev:1;) alert tcp $HOME_NET any -> [221.126.244.72] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.126.244.72/; sid:900605019; rev:1;) alert tcp $HOME_NET any -> [157.7.166.26] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.7.166.26/; sid:900605020; rev:1;) alert tcp $HOME_NET any -> [212.129.24.83] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.129.24.83/; sid:900605021; rev:1;) alert tcp $HOME_NET any -> [208.71.173.207] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.71.173.207/; sid:900605022; rev:1;) alert tcp $HOME_NET any -> [80.86.91.27] 3308 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/80.86.91.27/; sid:900605023; rev:1;) alert tcp $HOME_NET any -> [5.100.228.233] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.100.228.233/; sid:900605024; rev:1;) alert tcp $HOME_NET any -> [77.220.64.37] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.37/; sid:900605025; rev:1;) alert tcp $HOME_NET any -> [46.105.131.65] 1512 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.131.65/; sid:900605026; rev:1;) alert tcp $HOME_NET any -> [69.64.62.4] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.64.62.4/; sid:900605027; rev:1;) alert tcp $HOME_NET any -> [162.241.44.26] 9443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.44.26/; sid:900605028; rev:1;) alert tcp $HOME_NET any -> [111.230.104.169] 3388 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.230.104.169/; sid:900605029; rev:1;) alert tcp $HOME_NET any -> [217.79.184.243] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/217.79.184.243/; sid:900605030; rev:1;) alert tcp $HOME_NET any -> [194.150.118.7] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.150.118.7/; sid:900605031; rev:1;) alert tcp $HOME_NET any -> [199.66.90.63] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.66.90.63/; sid:900605035; rev:1;) alert tcp $HOME_NET any -> [81.169.224.222] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.169.224.222/; sid:900605036; rev:1;) alert tcp $HOME_NET any -> [62.75.168.106] 3886 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.168.106/; sid:900605037; rev:1;) alert tcp $HOME_NET any -> [82.165.152.127] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.165.152.127/; sid:900605038; rev:1;) alert tcp $HOME_NET any -> [178.254.40.132] 691 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.40.132/; sid:900605039; rev:1;) alert tcp $HOME_NET any -> [216.172.165.70] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/216.172.165.70/; sid:900605041; rev:1;) alert tcp $HOME_NET any -> [85.207.13.169] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.207.13.169/; sid:900605043; rev:1;) alert tcp $HOME_NET any -> [104.131.164.93] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.164.93/; sid:900605045; rev:1;) alert tcp $HOME_NET any -> [46.101.90.205] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.90.205/; sid:900605046; rev:1;) alert tcp $HOME_NET any -> [123.206.58.135] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.206.58.135/; sid:900605047; rev:1;) alert tcp $HOME_NET any -> [94.126.8.2] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.126.8.2/; sid:900605054; rev:1;) alert tcp $HOME_NET any -> [77.220.64.39] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.39/; sid:900605055; rev:1;) alert tcp $HOME_NET any -> [78.47.139.43] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/78.47.139.43/; sid:900605056; rev:1;) alert tcp $HOME_NET any -> [89.174.36.41] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.174.36.41/; sid:900605057; rev:1;) alert tcp $HOME_NET any -> [169.255.216.36] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.255.216.36/; sid:900605058; rev:1;) alert tcp $HOME_NET any -> [193.90.12.122] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.90.12.122/; sid:900605059; rev:1;) alert tcp $HOME_NET any -> [103.40.116.68] 5443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.40.116.68/; sid:900605063; rev:1;) alert tcp $HOME_NET any -> [67.79.105.174] 3786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.79.105.174/; sid:900605065; rev:1;) alert tcp $HOME_NET any -> [45.79.226.106] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.226.106/; sid:900605066; rev:1;) alert tcp $HOME_NET any -> [2.58.16.89] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/2.58.16.89/; sid:900605067; rev:1;) alert tcp $HOME_NET any -> [27.254.174.93] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.254.174.93/; sid:900605068; rev:1;) alert tcp $HOME_NET any -> [178.254.22.25] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.22.25/; sid:900605069; rev:1;) alert tcp $HOME_NET any -> [45.56.127.75] 49160 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.56.127.75/; sid:900605070; rev:1;) alert tcp $HOME_NET any -> [103.41.110.115] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.41.110.115/; sid:900605071; rev:1;) alert tcp $HOME_NET any -> [209.59.199.129] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.59.199.129/; sid:900605072; rev:1;) alert tcp $HOME_NET any -> [54.38.143.246] 691 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.143.246/; sid:900605073; rev:1;) alert tcp $HOME_NET any -> [153.122.13.133] 1443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/153.122.13.133/; sid:900605074; rev:1;) alert tcp $HOME_NET any -> [142.93.181.37] 981 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.181.37/; sid:900605075; rev:1;) alert tcp $HOME_NET any -> [92.38.128.47] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.128.47/; sid:900605076; rev:1;) alert tcp $HOME_NET any -> [188.165.17.91] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.17.91/; sid:900605077; rev:1;) alert tcp $HOME_NET any -> [188.40.34.210] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.40.34.210/; sid:900605078; rev:1;) alert tcp $HOME_NET any -> [195.159.28.229] 981 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.159.28.229/; sid:900605079; rev:1;) alert tcp $HOME_NET any -> [178.62.23.64] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.62.23.64/; sid:900605081; rev:1;) alert tcp $HOME_NET any -> [167.99.158.82] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/167.99.158.82/; sid:900605082; rev:1;) alert tcp $HOME_NET any -> [103.244.206.74] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.244.206.74/; sid:900605083; rev:1;) alert tcp $HOME_NET any -> [193.90.12.121] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.90.12.121/; sid:900605084; rev:1;) alert tcp $HOME_NET any -> [162.241.204.233] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.204.233/; sid:900605085; rev:1;) alert tcp $HOME_NET any -> [138.122.143.40] 8043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.122.143.40/; sid:900605086; rev:1;) alert tcp $HOME_NET any -> [198.57.200.100] 3786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.57.200.100/; sid:900605087; rev:1;) alert tcp $HOME_NET any -> [175.126.167.148] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.126.167.148/; sid:900605088; rev:1;) alert tcp $HOME_NET any -> [85.25.109.116] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/85.25.109.116/; sid:900605089; rev:1;) alert tcp $HOME_NET any -> [185.59.223.86] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.59.223.86/; sid:900605090; rev:1;) alert tcp $HOME_NET any -> [87.106.89.36] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.89.36/; sid:900605091; rev:1;) alert tcp $HOME_NET any -> [51.15.176.55] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.15.176.55/; sid:900605092; rev:1;) alert tcp $HOME_NET any -> [27.254.174.84] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.254.174.84/; sid:900605093; rev:1;) alert tcp $HOME_NET any -> [172.86.186.22] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.86.186.22/; sid:900605094; rev:1;) alert tcp $HOME_NET any -> [62.138.14.216] 3074 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.138.14.216/; sid:900605095; rev:1;) alert tcp $HOME_NET any -> [46.4.83.131] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/46.4.83.131/; sid:900605096; rev:1;) alert tcp $HOME_NET any -> [213.202.229.72] 3074 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.202.229.72/; sid:900605097; rev:1;) alert tcp $HOME_NET any -> [52.73.70.149] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/52.73.70.149/; sid:900605098; rev:1;) alert tcp $HOME_NET any -> [8.4.9.152] 3786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.4.9.152/; sid:900605099; rev:1;) alert tcp $HOME_NET any -> [185.246.87.202] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.246.87.202/; sid:900605100; rev:1;) alert tcp $HOME_NET any -> [69.16.193.166] 9443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.16.193.166/; sid:900605101; rev:1;) alert tcp $HOME_NET any -> [217.160.78.166] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.78.166/; sid:900605104; rev:1;) alert tcp $HOME_NET any -> [45.77.154.161] 1688 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/45.77.154.161/; sid:900605105; rev:1;) alert tcp $HOME_NET any -> [69.164.207.140] 3388 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.164.207.140/; sid:900605106; rev:1;) alert tcp $HOME_NET any -> [46.105.131.78] 14431 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.131.78/; sid:900605107; rev:1;) alert tcp $HOME_NET any -> [36.89.191.119] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.191.119/; sid:900605108; rev:1;) alert tcp $HOME_NET any -> [103.61.101.11] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.61.101.11/; sid:900605109; rev:1;) alert tcp $HOME_NET any -> [23.160.192.125] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.192.125/; sid:900605110; rev:1;) alert tcp $HOME_NET any -> [107.172.188.113] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.188.113/; sid:900605111; rev:1;) alert tcp $HOME_NET any -> [5.202.150.151] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/5.202.150.151/; sid:900605112; rev:1;) alert tcp $HOME_NET any -> [103.150.68.124] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.150.68.124/; sid:900605113; rev:1;) alert tcp $HOME_NET any -> [185.109.54.99] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.109.54.99/; sid:900605114; rev:1;) alert tcp $HOME_NET any -> [190.151.130.12] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.151.130.12/; sid:900605115; rev:1;) alert tcp $HOME_NET any -> [36.94.167.167] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.167.167/; sid:900605116; rev:1;) alert tcp $HOME_NET any -> [103.61.101.11] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.61.101.11/; sid:900605117; rev:1;) alert tcp $HOME_NET any -> [45.230.244.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.230.244.20/; sid:900605118; rev:1;) alert tcp $HOME_NET any -> [58.97.211.3] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/58.97.211.3/; sid:900605119; rev:1;) alert tcp $HOME_NET any -> [186.250.157.116] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.250.157.116/; sid:900605120; rev:1;) alert tcp $HOME_NET any -> [190.214.12.202] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.214.12.202/; sid:900605121; rev:1;) alert tcp $HOME_NET any -> [23.160.193.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.193.106/; sid:900605123; rev:1;) alert tcp $HOME_NET any -> [200.52.147.93] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.52.147.93/; sid:900605124; rev:1;) alert tcp $HOME_NET any -> [45.226.124.226] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.226.124.226/; sid:900605125; rev:1;) alert tcp $HOME_NET any -> [187.189.99.216] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.189.99.216/; sid:900605126; rev:1;) alert tcp $HOME_NET any -> [45.148.120.173] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/45.148.120.173/; sid:900605127; rev:1;) alert tcp $HOME_NET any -> [45.234.212.234] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.234.212.234/; sid:900605129; rev:1;) alert tcp $HOME_NET any -> [36.94.113.249] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.113.249/; sid:900605130; rev:1;) alert tcp $HOME_NET any -> [185.118.15.137] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.118.15.137/; sid:900605131; rev:1;) alert tcp $HOME_NET any -> [212.126.125.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.126.125.10/; sid:900605132; rev:1;) alert tcp $HOME_NET any -> [36.89.193.181] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.193.181/; sid:900605136; rev:1;) alert tcp $HOME_NET any -> [222.124.7.150] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.124.7.150/; sid:900605137; rev:1;) alert tcp $HOME_NET any -> [36.94.62.207] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/36.94.62.207/; sid:900605138; rev:1;) alert tcp $HOME_NET any -> [45.155.173.196] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.155.173.196/; sid:900605140; rev:1;) alert tcp $HOME_NET any -> [107.172.29.108] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.29.108/; sid:900605147; rev:1;) alert tcp $HOME_NET any -> [103.69.216.154] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.69.216.154/; sid:900605148; rev:1;) alert tcp $HOME_NET any -> [43.245.216.238] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.245.216.238/; sid:900605153; rev:1;) alert tcp $HOME_NET any -> [5.182.210.24] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.24/; sid:900605156; rev:1;) alert tcp $HOME_NET any -> [186.137.85.76] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.137.85.76/; sid:900605159; rev:1;) alert tcp $HOME_NET any -> [182.253.107.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/182.253.107.34/; sid:900605167; rev:1;)
# Destination-address rules for three families, interleaved in sid order
# (TrickBot, Dridex, TrickBot, Dridex, Emotet). The sid sequence has gaps and
# does not group by family; the family name is carried only in msg, so tune or
# suppress by individual sid rather than by sid range.
# TrickBot C2 entries (destination ports 443 and 449).
alert tcp $HOME_NET any -> [103.91.244.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.91.244.50/; sid:900605168; rev:1;)
alert tcp $HOME_NET any -> [177.221.108.198] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.221.108.198/; sid:900605171; rev:1;)
alert tcp $HOME_NET any -> [104.161.32.108] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.161.32.108/; sid:900605172; rev:1;)
# Dridex C2 entries (destination ports 5353, 4664 and 443). The protocol is tcp,
# so UDP traffic to the same port numbers does not match these rules.
alert tcp $HOME_NET any -> [50.116.111.64] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.111.64/; sid:900605173; rev:1;)
alert tcp $HOME_NET any -> [185.184.25.234] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.184.25.234/; sid:900605174; rev:1;)
alert tcp $HOME_NET any -> [194.225.58.214] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.225.58.214/; sid:900605175; rev:1;)
alert tcp $HOME_NET any -> [211.110.44.63] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.110.44.63/; sid:900605176; rev:1;)
# TrickBot C2 entries (destination port 443).
alert tcp $HOME_NET any -> [85.204.116.83] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.83/; sid:900605178; rev:1;)
alert tcp $HOME_NET any -> [83.151.14.13] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.151.14.13/; sid:900605179; rev:1;)
# Dridex C2 entry (destination port 443).
alert tcp $HOME_NET any -> [77.220.64.40] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.40/; sid:900605200; rev:1;)
# Emotet C2 entries start here (destination ports 80 and 8080 in this run).
# The match is by address and port only, with no HTTP or TLS inspection, so
# corroborate a hit with proxy, DNS or endpoint evidence before treating the
# source host as infected.
alert tcp $HOME_NET any -> [12.175.220.98] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.175.220.98/; sid:900605201; rev:1;)
alert tcp $HOME_NET any -> [24.178.90.49] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.178.90.49/; sid:900605202; rev:1;)
alert tcp $HOME_NET any -> [75.127.14.170] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.127.14.170/; sid:900605203; rev:1;)
alert tcp $HOME_NET any -> [175.103.38.146] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/175.103.38.146/; sid:900605204; rev:1;)
# Emotet C2 entries (destination ports 80, 443 and 8080 in this run).
# Each rule alerts on TCP from $HOME_NET to one listed address and port; the
# options carry only metadata and a rate limit, so the address is the whole
# indicator.
# NOTE(review): an address-only indicator can outlive the C2 it described. The
# reference:url host page is presumably where the current listing status is
# shown; check it before acting on a hit or promoting an entry to a block.
alert tcp $HOME_NET any -> [69.49.88.46] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.49.88.46/; sid:900605205; rev:1;)
alert tcp $HOME_NET any -> [167.114.153.111] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.114.153.111/; sid:900605206; rev:1;)
alert tcp $HOME_NET any -> [194.190.67.75] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.190.67.75/; sid:900605207; rev:1;)
alert tcp $HOME_NET any -> [61.19.246.238] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.19.246.238/; sid:900605208; rev:1;)
alert tcp $HOME_NET any -> [95.9.5.93] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.9.5.93/; sid:900605209; rev:1;)
alert tcp $HOME_NET any -> [200.116.145.225] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.145.225/; sid:900605210; rev:1;)
alert tcp $HOME_NET any -> [115.94.207.99] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.94.207.99/; sid:900605211; rev:1;)
alert tcp $HOME_NET any -> [81.214.253.80] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.214.253.80/; sid:900605212; rev:1;)
alert tcp $HOME_NET any -> [220.245.198.194] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.245.198.194/; sid:900605213; rev:1;)
alert tcp $HOME_NET any -> [120.150.60.189] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.60.189/; sid:900605214; rev:1;)
alert tcp $HOME_NET any -> [110.142.236.207] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.142.236.207/; sid:900605215; rev:1;)
alert tcp $HOME_NET any -> [12.163.208.58] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.163.208.58/; sid:900605216; rev:1;)
alert tcp $HOME_NET any -> [81.215.230.173] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.215.230.173/; sid:900605217; rev:1;)
alert tcp $HOME_NET any -> [60.93.23.51] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.93.23.51/; sid:900605219; rev:1;)
alert tcp $HOME_NET any -> [78.90.78.210] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.90.78.210/; sid:900605220; rev:1;)
alert tcp $HOME_NET any -> [177.23.7.151] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.23.7.151/; sid:900605221; rev:1;)
alert tcp $HOME_NET any -> [161.49.84.2] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.49.84.2/; sid:900605222; rev:1;)
alert tcp $HOME_NET any -> [85.105.111.166] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.111.166/; sid:900605223; rev:1;)
alert tcp $HOME_NET any -> [65.32.168.171] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.32.168.171/; sid:900605224; rev:1;)
alert tcp $HOME_NET any -> [64.207.182.168] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.207.182.168/; sid:900605225; rev:1;)
alert tcp $HOME_NET any -> [120.150.218.241] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.218.241/; sid:900605226; rev:1;)
alert tcp $HOME_NET any -> [172.125.40.123] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.125.40.123/; sid:900605227; rev:1;)
alert tcp $HOME_NET any -> [45.16.226.117] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.16.226.117/; sid:900605228; rev:1;)
alert tcp $HOME_NET any -> [110.37.224.243] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.37.224.243/; sid:900605229; rev:1;)
alert tcp $HOME_NET any -> [103.93.220.182] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.93.220.182/; sid:900605231; rev:1;)
alert tcp $HOME_NET any -> [91.75.75.46] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.75.75.46/; sid:900605232; rev:1;)
alert tcp $HOME_NET any -> [185.201.9.197] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.201.9.197/; sid:900605233; rev:1;)
alert tcp $HOME_NET any -> [163.53.204.180] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/163.53.204.180/; sid:900605234; rev:1;)
# Emotet C2 entries (destination ports 80, 443, 7080 and 8080 in this run).
# Direction is fixed: source must be in $HOME_NET and the listed address is the
# destination. Traffic from hosts that are not covered by $HOME_NET, and inbound
# traffic from the listed addresses, is not matched by these rules, so coverage
# depends on $HOME_NET being scoped to the monitored networks.
alert tcp $HOME_NET any -> [203.157.152.9] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.157.152.9/; sid:900605235; rev:1;)
alert tcp $HOME_NET any -> [185.208.226.142] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.208.226.142/; sid:900605236; rev:1;)
alert tcp $HOME_NET any -> [190.85.46.52] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.46.52/; sid:900605238; rev:1;)
alert tcp $HOME_NET any -> [188.165.214.98] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.214.98/; sid:900605239; rev:1;)
alert tcp $HOME_NET any -> [50.116.111.59] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.111.59/; sid:900605240; rev:1;)
alert tcp $HOME_NET any -> [190.103.228.24] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.103.228.24/; sid:900605243; rev:1;)
alert tcp $HOME_NET any -> [80.15.100.37] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.15.100.37/; sid:900605244; rev:1;)
alert tcp $HOME_NET any -> [117.2.139.117] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.2.139.117/; sid:900605245; rev:1;)
alert tcp $HOME_NET any -> [152.170.79.100] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.170.79.100/; sid:900605246; rev:1;)
alert tcp $HOME_NET any -> [211.215.18.93] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.215.18.93/; sid:900605247; rev:1;)
alert tcp $HOME_NET any -> [187.162.248.237] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.162.248.237/; sid:900605248; rev:1;)
alert tcp $HOME_NET any -> [110.39.160.38] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.39.160.38/; sid:900605249; rev:1;)
alert tcp $HOME_NET any -> [213.52.74.198] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.52.74.198/; sid:900605250; rev:1;)
alert tcp $HOME_NET any -> [37.187.72.193] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.72.193/; sid:900605251; rev:1;)
alert tcp $HOME_NET any -> [24.179.13.119] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.179.13.119/; sid:900605252; rev:1;)
alert tcp $HOME_NET any -> [121.124.124.40] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.124.124.40/; sid:900605253; rev:1;)
alert tcp $HOME_NET any -> [12.162.84.2] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.162.84.2/; sid:900605254; rev:1;)
alert tcp $HOME_NET any -> [206.189.232.2] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.189.232.2/; sid:900605255; rev:1;)
alert tcp $HOME_NET any -> [51.89.36.180] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.36.180/; sid:900605256; rev:1;)
alert tcp $HOME_NET any -> [132.248.38.158] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.248.38.158/; sid:900605257; rev:1;)
alert tcp $HOME_NET any -> [75.177.207.146] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.177.207.146/; sid:900605258; rev:1;)
alert tcp $HOME_NET any -> [74.40.205.197] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.40.205.197/; sid:900605259; rev:1;)
alert tcp $HOME_NET any -> [62.84.75.50] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.84.75.50/; sid:900605260; rev:1;)
alert tcp $HOME_NET any -> [46.105.114.137] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.114.137/; sid:900605261; rev:1;)
alert tcp $HOME_NET any -> [109.99.146.210] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.99.146.210/; sid:900605262; rev:1;)
alert tcp $HOME_NET any -> [104.236.52.89] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.52.89/; sid:900605263; rev:1;)
alert tcp $HOME_NET any -> [223.17.215.76] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/223.17.215.76/; sid:900605264; rev:1;)
alert tcp $HOME_NET any -> [180.148.4.130] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/180.148.4.130/; sid:900605265; rev:1;)
# Emotet C2 entries (destination ports 80, 443, 7080 and 8080 in this run).
# The action on every rule is alert: as written these rules report traffic to
# the listed addresses and do not drop it.
# NOTE(review): the rate limit uses the in-rule threshold keyword. Snort 2.9
# documents that form as deprecated in favour of event_filter; confirm that the
# engine and version in use still accept it, otherwise the rules may fail to load.
alert tcp $HOME_NET any -> [50.116.78.109] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.78.109/; sid:900605266; rev:1;)
alert tcp $HOME_NET any -> [115.21.224.117] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.21.224.117/; sid:900605268; rev:1;)
alert tcp $HOME_NET any -> [202.79.24.136] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.79.24.136/; sid:900605269; rev:1;)
alert tcp $HOME_NET any -> [181.30.61.163] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.30.61.163/; sid:900605271; rev:1;)
alert tcp $HOME_NET any -> [110.172.180.180] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.172.180.180/; sid:900605273; rev:1;)
alert tcp $HOME_NET any -> [70.92.118.112] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.92.118.112/; sid:900605274; rev:1;)
alert tcp $HOME_NET any -> [59.21.235.119] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.21.235.119/; sid:900605275; rev:1;)
alert tcp $HOME_NET any -> [195.159.28.244] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.159.28.244/; sid:900605276; rev:1;)
alert tcp $HOME_NET any -> [152.231.89.226] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.231.89.226/; sid:900605277; rev:1;)
alert tcp $HOME_NET any -> [110.39.162.2] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.39.162.2/; sid:900605278; rev:1;)
alert tcp $HOME_NET any -> [93.146.143.191] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.146.143.191/; sid:900605279; rev:1;)
alert tcp $HOME_NET any -> [172.245.248.239] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.248.239/; sid:900605280; rev:1;)
alert tcp $HOME_NET any -> [80.249.176.206] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.249.176.206/; sid:900605281; rev:1;)
alert tcp $HOME_NET any -> [110.145.11.73] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.145.11.73/; sid:900605282; rev:1;)
alert tcp $HOME_NET any -> [191.223.36.170] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.223.36.170/; sid:900605283; rev:1;)
alert tcp $HOME_NET any -> [82.145.43.153] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.145.43.153/; sid:900605284; rev:1;)
alert tcp $HOME_NET any -> [24.230.124.78] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.230.124.78/; sid:900605285; rev:1;)
alert tcp $HOME_NET any -> [110.145.101.66] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.145.101.66/; sid:900605286; rev:1;)
alert tcp $HOME_NET any -> [75.109.111.18] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.109.111.18/; sid:900605287; rev:1;)
alert tcp $HOME_NET any -> [175.207.12.52] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.207.12.52/; sid:900605288; rev:1;)
alert tcp $HOME_NET any -> [109.116.245.80] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.116.245.80/; sid:900605289; rev:1;)
alert tcp $HOME_NET any -> [45.230.228.26] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.230.228.26/; sid:900605290; rev:1;)
alert tcp $HOME_NET any -> [143.0.85.206] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.0.85.206/; sid:900605291; rev:1;)
alert tcp $HOME_NET any -> [190.210.246.253] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.246.253/; sid:900605292; rev:1;)
alert tcp $HOME_NET any -> [47.144.21.37] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.144.21.37/; sid:900605294; rev:1;)
alert tcp $HOME_NET any -> [181.165.68.127] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.165.68.127/; sid:900605295; rev:1;)
alert tcp $HOME_NET any -> [24.164.79.147] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.164.79.147/; sid:900605296; rev:1;)
alert tcp $HOME_NET any -> [139.5.101.203] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/139.5.101.203/; sid:900605297; rev:1;)
# Emotet C2 entries (destination ports 80, 443, 7080 and 8080 in this run).
# Most destinations here are ordinary web ports, and the rules inspect nothing
# beyond address and port, so a hit cannot distinguish C2 traffic from any other
# service reachable on the same address. Treat an alert as a lead for host-level
# triage rather than as confirmation of Emotet.
# No priority option is set; severity presumably comes from the engine's
# classification entry for trojan-activity. Verify against the local config.
alert tcp $HOME_NET any -> [190.162.232.138] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.162.232.138/; sid:900605298; rev:1;)
alert tcp $HOME_NET any -> [93.149.120.214] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.149.120.214/; sid:900605299; rev:1;)
alert tcp $HOME_NET any -> [217.160.19.232] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.19.232/; sid:900605300; rev:1;)
alert tcp $HOME_NET any -> [31.27.59.105] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.27.59.105/; sid:900605301; rev:1;)
alert tcp $HOME_NET any -> [152.169.22.67] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.169.22.67/; sid:900605303; rev:1;)
alert tcp $HOME_NET any -> [2.82.75.215] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.82.75.215/; sid:900605304; rev:1;)
alert tcp $HOME_NET any -> [197.211.245.21] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.211.245.21/; sid:900605305; rev:1;)
alert tcp $HOME_NET any -> [118.83.154.64] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.83.154.64/; sid:900605306; rev:1;)
alert tcp $HOME_NET any -> [201.185.69.28] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.185.69.28/; sid:900605307; rev:1;)
alert tcp $HOME_NET any -> [177.85.167.10] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.85.167.10/; sid:900605308; rev:1;)
alert tcp $HOME_NET any -> [190.251.200.206] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.251.200.206/; sid:900605309; rev:1;)
alert tcp $HOME_NET any -> [51.38.71.84] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.38.71.84/; sid:900605310; rev:1;)
alert tcp $HOME_NET any -> [201.163.74.204] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.163.74.204/; sid:900605311; rev:1;)
alert tcp $HOME_NET any -> [82.208.146.142] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.208.146.142/; sid:900605312; rev:1;)
alert tcp $HOME_NET any -> [89.106.251.163] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.106.251.163/; sid:900605313; rev:1;)
alert tcp $HOME_NET any -> [78.189.148.42] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.148.42/; sid:900605314; rev:1;)
alert tcp $HOME_NET any -> [167.99.105.11] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.99.105.11/; sid:900605315; rev:1;)
alert tcp $HOME_NET any -> [190.19.169.69] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.19.169.69/; sid:900605316; rev:1;)
alert tcp $HOME_NET any -> [70.183.211.3] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.183.211.3/; sid:900605317; rev:1;)
alert tcp $HOME_NET any -> [180.222.161.85] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.222.161.85/; sid:900605318; rev:1;)
alert tcp $HOME_NET any -> [75.113.193.72] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.113.193.72/; sid:900605319; rev:1;)
alert tcp $HOME_NET any -> [91.233.197.70] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.233.197.70/; sid:900605320; rev:1;)
alert tcp $HOME_NET any -> [78.182.254.231] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.182.254.231/; sid:900605321; rev:1;)
alert tcp $HOME_NET any -> [201.212.61.66] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.61.66/; sid:900605322; rev:1;)
alert tcp $HOME_NET any -> [200.75.39.254] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.75.39.254/; sid:900605324; rev:1;)
alert tcp $HOME_NET any -> [191.241.233.198] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.241.233.198/; sid:900605325; rev:1;)
alert tcp $HOME_NET any -> [105.209.235.113] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.209.235.113/; sid:900605326; rev:1;)
alert tcp $HOME_NET any -> [190.251.216.100] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.251.216.100/; sid:900605327; rev:1;)
alert tcp $HOME_NET any -> [190.45.24.210] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.45.24.210/; sid:900605328; rev:1;)
alert tcp $HOME_NET any -> [82.48.39.246] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.48.39.246/; sid:900605329; rev:1;)
alert tcp $HOME_NET any -> [190.64.88.186] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.64.88.186/; sid:900605330; rev:1;)
alert tcp $HOME_NET any -> [187.161.206.24] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.161.206.24/; sid:900605331; rev:1;)
alert tcp $HOME_NET any -> [186.96.170.61] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.96.170.61/; sid:900605332; rev:1;)
alert tcp $HOME_NET any -> [93.146.48.84] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.146.48.84/; sid:900605333; rev:1;)
alert tcp $HOME_NET any -> [161.0.153.60] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/161.0.153.60/; sid:900605334; rev:1;) alert tcp $HOME_NET any -> [120.51.34.254] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.51.34.254/; sid:900605335; rev:1;) alert tcp $HOME_NET any -> [203.160.167.243] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.160.167.243/; sid:900605336; rev:1;) alert tcp $HOME_NET any -> [185.183.16.47] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.16.47/; sid:900605337; rev:1;) alert tcp $HOME_NET any -> [78.188.225.105] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.225.105/; sid:900605338; rev:1;) alert tcp $HOME_NET any -> [27.78.27.110] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.78.27.110/; sid:900605339; rev:1;) alert tcp $HOME_NET any -> [152.32.75.74] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.32.75.74/; sid:900605340; rev:1;) alert tcp $HOME_NET any -> [82.78.179.117] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/82.78.179.117/; sid:900605341; rev:1;) alert tcp $HOME_NET any -> [115.79.195.246] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.79.195.246/; sid:900605342; rev:1;) alert tcp $HOME_NET any -> [49.206.16.156] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.206.16.156/; sid:900605343; rev:1;) alert tcp $HOME_NET any -> [122.116.104.238] 8443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.116.104.238/; sid:900605344; rev:1;) alert tcp $HOME_NET any -> [109.101.137.162] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.101.137.162/; sid:900605345; rev:1;) alert tcp $HOME_NET any -> [190.55.186.229] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.55.186.229/; sid:900605346; rev:1;) alert tcp $HOME_NET any -> [209.33.120.130] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.33.120.130/; sid:900605347; rev:1;) alert tcp $HOME_NET any -> [217.160.169.110] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/217.160.169.110/; sid:900605348; rev:1;) alert tcp $HOME_NET any -> [51.255.203.164] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.255.203.164/; sid:900605349; rev:1;) alert tcp $HOME_NET any -> [84.232.229.24] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.232.229.24/; sid:900605350; rev:1;) alert tcp $HOME_NET any -> [201.48.121.65] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.48.121.65/; sid:900605351; rev:1;) alert tcp $HOME_NET any -> [85.105.239.184] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.239.184/; sid:900605352; rev:1;) alert tcp $HOME_NET any -> [108.53.88.101] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.53.88.101/; sid:900605353; rev:1;) alert tcp $HOME_NET any -> [79.130.130.240] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.130.130.240/; sid:900605354; rev:1;) alert tcp $HOME_NET any -> [195.159.28.230] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/195.159.28.230/; sid:900605355; rev:1;) alert tcp $HOME_NET any -> [98.109.133.80] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.109.133.80/; sid:900605356; rev:1;) alert tcp $HOME_NET any -> [181.10.46.92] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.10.46.92/; sid:900605357; rev:1;) alert tcp $HOME_NET any -> [71.72.196.159] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.72.196.159/; sid:900605358; rev:1;) alert tcp $HOME_NET any -> [24.69.65.8] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.69.65.8/; sid:900605359; rev:1;) alert tcp $HOME_NET any -> [95.76.153.115] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.76.153.115/; sid:900605360; rev:1;) alert tcp $HOME_NET any -> [197.232.36.108] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.232.36.108/; sid:900605361; rev:1;) alert tcp $HOME_NET any -> [190.18.184.113] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/190.18.184.113/; sid:900605362; rev:1;) alert tcp $HOME_NET any -> [69.38.130.14] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.38.130.14/; sid:900605363; rev:1;) alert tcp $HOME_NET any -> [172.193.14.201] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.193.14.201/; sid:900605364; rev:1;) alert tcp $HOME_NET any -> [88.58.209.2] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.58.209.2/; sid:900605366; rev:1;) alert tcp $HOME_NET any -> [186.146.229.172] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.146.229.172/; sid:900605367; rev:1;) alert tcp $HOME_NET any -> [188.135.15.49] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.135.15.49/; sid:900605368; rev:1;) alert tcp $HOME_NET any -> [50.91.114.38] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.91.114.38/; sid:900605369; rev:1;) alert tcp $HOME_NET any -> [181.171.209.241] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/181.171.209.241/; sid:900605370; rev:1;) alert tcp $HOME_NET any -> [85.105.205.77] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.205.77/; sid:900605371; rev:1;) alert tcp $HOME_NET any -> [123.176.25.234] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.176.25.234/; sid:900605372; rev:1;) alert tcp $HOME_NET any -> [91.90.88.5] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.90.88.5/; sid:900605373; rev:1;) alert tcp $HOME_NET any -> [122.116.104.238] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.116.104.238/; sid:900605374; rev:1;) alert tcp $HOME_NET any -> [78.206.229.130] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.206.229.130/; sid:900605375; rev:1;) alert tcp $HOME_NET any -> [79.133.6.236] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.133.6.236/; sid:900605376; rev:1;) alert tcp $HOME_NET any -> [190.240.194.77] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/190.240.194.77/; sid:900605377; rev:1;) alert tcp $HOME_NET any -> [154.127.113.242] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.127.113.242/; sid:900605378; rev:1;) alert tcp $HOME_NET any -> [45.33.94.33] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.94.33/; sid:900605379; rev:1;) alert tcp $HOME_NET any -> [159.89.91.92] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.89.91.92/; sid:900605380; rev:1;) alert tcp $HOME_NET any -> [97.107.127.161] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.107.127.161/; sid:900605381; rev:1;) alert tcp $HOME_NET any -> [158.69.118.130] 1443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.69.118.130/; sid:900605382; rev:1;) alert tcp $HOME_NET any -> [142.44.247.57] 4043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.44.247.57/; sid:900605384; rev:1;) alert tcp $HOME_NET any -> [77.220.64.140] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/77.220.64.140/; sid:900605385; rev:1;) alert tcp $HOME_NET any -> [59.148.253.194] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.148.253.194/; sid:900605386; rev:1;) alert tcp $HOME_NET any -> [94.23.45.86] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.45.86/; sid:900605387; rev:1;) alert tcp $HOME_NET any -> [103.86.49.11] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.86.49.11/; sid:900605388; rev:1;) alert tcp $HOME_NET any -> [51.75.33.120] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.33.120/; sid:900605389; rev:1;) alert tcp $HOME_NET any -> [85.234.143.94] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.234.143.94/; sid:900605390; rev:1;) alert tcp $HOME_NET any -> [167.86.68.49] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.86.68.49/; sid:900605391; rev:1;) alert tcp $HOME_NET any -> [46.105.131.87] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/46.105.131.87/; sid:900605392; rev:1;) alert tcp $HOME_NET any -> [162.243.125.212] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.243.125.212/; sid:900605393; rev:1;) alert tcp $HOME_NET any -> [104.131.44.150] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.44.150/; sid:900605394; rev:1;) alert tcp $HOME_NET any -> [104.131.123.136] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.123.136/; sid:900605395; rev:1;) alert tcp $HOME_NET any -> [162.241.92.219] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.92.219/; sid:900605400; rev:1;) alert tcp $HOME_NET any -> [72.188.173.74] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.188.173.74/; sid:900605416; rev:1;) alert tcp $HOME_NET any -> [200.111.198.76] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.111.198.76/; sid:900605417; rev:1;) alert tcp $HOME_NET any -> [193.90.12.20] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/193.90.12.20/; sid:900605418; rev:1;) alert tcp $HOME_NET any -> [185.181.9.76] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.181.9.76/; sid:900605419; rev:1;) alert tcp $HOME_NET any -> [175.207.13.56] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.207.13.56/; sid:900605420; rev:1;) alert tcp $HOME_NET any -> [212.129.24.84] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.129.24.84/; sid:900605421; rev:1;) alert tcp $HOME_NET any -> [77.220.64.131] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.131/; sid:900605424; rev:1;) alert tcp $HOME_NET any -> [192.99.41.136] 981 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.99.41.136/; sid:900605425; rev:1;) alert tcp $HOME_NET any -> [5.196.204.251] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.204.251/; sid:900605426; rev:1;) alert tcp $HOME_NET any -> [24.229.3.146] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/24.229.3.146/; sid:900605427; rev:1;) alert tcp $HOME_NET any -> [97.107.127.227] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.107.127.227/; sid:900605430; rev:1;) alert tcp $HOME_NET any -> [87.106.18.216] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.18.216/; sid:900605431; rev:1;) alert tcp $HOME_NET any -> [185.184.25.235] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.184.25.235/; sid:900605432; rev:1;) alert tcp $HOME_NET any -> [41.211.125.59] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.211.125.59/; sid:900605434; rev:1;) alert tcp $HOME_NET any -> [118.67.216.238] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.67.216.238/; sid:900605435; rev:1;) alert tcp $HOME_NET any -> [36.94.164.249] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.164.249/; sid:900605436; rev:1;) alert tcp $HOME_NET any -> [92.242.214.203] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/92.242.214.203/; sid:900605437; rev:1;) alert tcp $HOME_NET any -> [103.91.244.102] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.91.244.102/; sid:900605438; rev:1;) alert tcp $HOME_NET any -> [45.226.124.226] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.226.124.226/; sid:900605439; rev:1;) alert tcp $HOME_NET any -> [45.234.248.66] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.234.248.66/; sid:900605440; rev:1;) alert tcp $HOME_NET any -> [177.87.0.7] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.87.0.7/; sid:900605441; rev:1;) alert tcp $HOME_NET any -> [117.212.193.62] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.212.193.62/; sid:900605442; rev:1;) alert tcp $HOME_NET any -> [36.89.193.235] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.193.235/; sid:900605443; rev:1;) alert tcp $HOME_NET any -> [201.184.190.59] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/201.184.190.59/; sid:900605444; rev:1;) alert tcp $HOME_NET any -> [179.191.108.58] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.191.108.58/; sid:900605446; rev:1;) alert tcp $HOME_NET any -> [176.62.180.164] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.62.180.164/; sid:900605447; rev:1;) alert tcp $HOME_NET any -> [194.5.249.93] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.93/; sid:900605449; rev:1;) alert tcp $HOME_NET any -> [200.142.124.146] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.142.124.146/; sid:900605450; rev:1;) alert tcp $HOME_NET any -> [181.211.103.254] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.211.103.254/; sid:900605452; rev:1;) alert tcp $HOME_NET any -> [123.59.211.174] 80 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.59.211.174/; sid:900605454; rev:1;) alert tcp $HOME_NET any -> [103.89.252.130] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/103.89.252.130/; sid:900605455; rev:1;)
# Triage notes for the rules below (they all share one template):
# - Each rule matches only on protocol, source ($HOME_NET) and destination IP/port.
#   There are no content, TLS or flow keywords, so an alert means a monitored host
#   sent TCP traffic to a listed address, not that C2 traffic was confirmed.
# - threshold "type limit, track by_src, seconds 60, count 1" caps output at one
#   alert per source host per rule per 60 seconds; use flow records or packet
#   capture to see how much traffic the host actually exchanged.
# - The file header labels this the aggressive ruleset and carries a single
#   "Last updated" timestamp; individual entries carry no first-seen/last-seen
#   date. Several destinations use common service ports (443, 3389, 8443) and
#   addresses get reassigned, so check the per-host page given in reference:url
#   before treating a hit as a confirmed infection.
alert tcp $HOME_NET any -> [201.59.167.66] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.59.167.66/; sid:900605457; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.133] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.133/; sid:900605458; rev:1;)
alert tcp $HOME_NET any -> [212.129.24.85] 34443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.129.24.85/; sid:900605459; rev:1;)
alert tcp $HOME_NET any -> [192.241.175.242] 691 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.175.242/; sid:900605460; rev:1;)
alert tcp $HOME_NET any -> [62.14.242.133] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.14.242.133/; sid:900605461; rev:1;)
alert tcp $HOME_NET any -> [45.234.248.154] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.234.248.154/; sid:900605462; rev:1;)
alert tcp $HOME_NET any -> [45.201.134.202] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.201.134.202/; sid:900605464; rev:1;)
alert tcp $HOME_NET any -> [103.94.7.43] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.94.7.43/; sid:900605465; rev:1;)
alert tcp $HOME_NET any -> [49.156.39.150] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.156.39.150/; sid:900605466; rev:1;)
alert tcp $HOME_NET any -> [46.252.38.244] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.252.38.244/; sid:900605467; rev:1;)
alert tcp $HOME_NET any -> [178.254.40.33] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.40.33/; sid:900605468; rev:1;)
alert tcp $HOME_NET any -> [185.4.132.226] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.4.132.226/; sid:900605469; rev:1;)
alert tcp $HOME_NET any -> [92.60.235.135] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.60.235.135/; sid:900605470; rev:1;)
alert tcp $HOME_NET any -> [159.224.167.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.224.167.102/; sid:900605471; rev:1;)
alert tcp $HOME_NET any -> [95.210.118.90] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.210.118.90/; sid:900605472; rev:1;)
alert tcp $HOME_NET any -> [77.81.247.140] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.81.247.140/; sid:900605474; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.149] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.149/; sid:900605475; rev:1;)
alert tcp $HOME_NET any -> [45.234.248.146] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.234.248.146/; sid:900605476; rev:1;)
alert tcp $HOME_NET any -> [5.189.157.183] 4646 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.157.183/; sid:900605477; rev:1;)
alert tcp $HOME_NET any -> [165.227.155.13] 3308 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.155.13/; sid:900605478; rev:1;)
alert tcp $HOME_NET any -> [128.199.59.13] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.59.13/; sid:900605481; rev:1;)
alert tcp $HOME_NET any -> [178.128.83.165] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.83.165/; sid:900605482; rev:1;)
alert tcp $HOME_NET any -> [94.158.245.54] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.158.245.54/; sid:900605485; rev:1;)
alert tcp $HOME_NET any -> [45.83.129.224] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.83.129.224/; sid:900605486; rev:1;)
alert tcp $HOME_NET any -> [195.123.241.195] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.241.195/; sid:900605487; rev:1;)
alert tcp $HOME_NET any -> [108.170.20.72] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.170.20.72/; sid:900605488; rev:1;)
alert tcp $HOME_NET any -> [134.119.186.201] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.119.186.201/; sid:900605489; rev:1;)
alert tcp $HOME_NET any -> [134.119.186.200] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.119.186.200/; sid:900605491; rev:1;)
alert tcp $HOME_NET any -> [108.170.20.75] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.170.20.75/; sid:900605493; rev:1;)
alert tcp $HOME_NET any -> [94.140.114.136] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.140.114.136/; sid:900605494; rev:1;)
alert tcp $HOME_NET any -> [172.83.155.215] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.83.155.215/; sid:900605495; rev:1;)
alert tcp $HOME_NET any -> [212.227.53.240] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.227.53.240/; sid:900605496; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.132] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.132/; sid:900605497; rev:1;)
alert tcp $HOME_NET any -> [192.241.174.45] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.174.45/; sid:900605498; rev:1;)
alert tcp $HOME_NET any -> [193.8.194.96] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.8.194.96/; sid:900605499; rev:1;)
alert tcp $HOME_NET any -> [185.163.45.138] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.163.45.138/; sid:900605500; rev:1;)
alert tcp $HOME_NET any -> [45.155.173.242] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.155.173.242/; sid:900605501; rev:1;)
alert tcp $HOME_NET any -> [173.203.78.138] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.203.78.138/; sid:900605502; rev:1;)
alert tcp $HOME_NET any -> [217.160.107.189] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.107.189/; sid:900605503; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.150] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.150/; sid:900605504; rev:1;)
alert tcp $HOME_NET any -> [142.202.191.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.202.191.164/; sid:900605506; rev:1;)
alert tcp $HOME_NET any -> [173.255.246.77] 691 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.255.246.77/; sid:900605510; rev:1;)
alert tcp $HOME_NET any -> [185.216.27.185] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.216.27.185/; sid:900605514; rev:1;)
alert tcp $HOME_NET any -> [185.234.72.84] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.234.72.84/; sid:900605517; rev:1;)
alert tcp $HOME_NET any -> [198.1.115.153] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.1.115.153/; sid:900605518; rev:1;)
alert tcp $HOME_NET any -> [209.20.87.138] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.20.87.138/; sid:900605519; rev:1;)
alert tcp $HOME_NET any -> [151.236.29.248] 6516 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.236.29.248/; sid:900605520; rev:1;)
alert tcp $HOME_NET any -> [181.196.245.54] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.196.245.54/; sid:900605524; rev:1;)
alert tcp $HOME_NET any -> [162.13.114.59] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.13.114.59/; sid:900605527; rev:1;)
alert tcp $HOME_NET any -> [37.187.115.122] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.115.122/; sid:900605528; rev:1;)
alert tcp $HOME_NET any -> [70.39.99.196] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.39.99.196/; sid:900605529; rev:1;)
alert tcp $HOME_NET any -> [178.54.230.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.54.230.164/; sid:900605530; rev:1;)
alert tcp $HOME_NET any -> [103.76.20.226] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.76.20.226/; sid:900605531; rev:1;)
alert tcp $HOME_NET any -> [80.78.75.246] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.78.75.246/; sid:900605532; rev:1;)
alert tcp $HOME_NET any -> [154.79.252.132] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.79.252.132/; sid:900605535; rev:1;)
alert tcp $HOME_NET any -> [5.182.210.132] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.132/; sid:900605536; rev:1;)
alert tcp $HOME_NET any -> [80.78.77.116] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.78.77.116/; sid:900605537; rev:1;)
alert tcp $HOME_NET any -> [168.232.188.88] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.232.188.88/; sid:900605538; rev:1;)
alert tcp $HOME_NET any -> [173.81.4.147] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.81.4.147/; sid:900605539; rev:1;)
alert tcp $HOME_NET any -> [202.142.151.190] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.142.151.190/; sid:900605540; rev:1;)
alert tcp $HOME_NET any -> [37.235.230.123] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.235.230.123/; sid:900605545; rev:1;)
alert tcp $HOME_NET any -> [186.195.199.238] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.195.199.238/; sid:900605546; rev:1;)
alert tcp $HOME_NET any -> [177.47.88.62] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.47.88.62/; sid:900605547; rev:1;)
alert tcp $HOME_NET any -> [36.92.93.5] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.92.93.5/; sid:900605548; rev:1;)
alert tcp $HOME_NET any -> [103.146.2.152] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.146.2.152/; sid:900605549; rev:1;)
alert tcp $HOME_NET any -> [182.48.66.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.48.66.106/; sid:900605550; rev:1;)
alert tcp $HOME_NET any -> [36.94.202.131] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.202.131/; sid:900605551; rev:1;)
alert tcp $HOME_NET any -> [179.60.243.52] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.60.243.52/; sid:900605552; rev:1;)
alert tcp $HOME_NET any -> [103.146.185.107] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.146.185.107/; sid:900605556; rev:1;)
alert tcp $HOME_NET any -> [209.151.236.42] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.151.236.42/; sid:900605558; rev:1;)
alert tcp $HOME_NET any -> [91.121.94.86] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.121.94.86/; sid:900605559; rev:1;)
alert tcp $HOME_NET any -> [5.189.144.136] 6516 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.144.136/; sid:900605560; rev:1;)
alert tcp $HOME_NET any -> [131.72.153.198] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.72.153.198/; sid:900605561; rev:1;)
alert tcp $HOME_NET any -> [131.255.106.152] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.255.106.152/; sid:900605562; rev:1;)
alert tcp $HOME_NET any -> [37.112.60.123] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.112.60.123/; sid:900605563; rev:1;)
alert tcp $HOME_NET any -> [202.91.41.138] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.91.41.138/; sid:900605570; rev:1;)
alert tcp $HOME_NET any -> [122.2.28.70] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.2.28.70/; sid:900605575; rev:1;)
alert tcp $HOME_NET any -> [103.225.138.94] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.225.138.94/; sid:900605576; rev:1;)
alert tcp $HOME_NET any -> [123.231.149.123] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.231.149.123/; sid:900605577; rev:1;)
alert tcp $HOME_NET any -> [190.119.167.154] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.119.167.154/; sid:900605578; rev:1;)
alert tcp $HOME_NET any -> [47.103.145.214] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.103.145.214/; sid:900605579; rev:1;)
alert tcp $HOME_NET any -> [117.210.210.179] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.210.210.179/; sid:900605580; rev:1;)
alert tcp $HOME_NET any -> [200.195.233.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.195.233.10/; sid:900605581; rev:1;)
alert tcp $HOME_NET any -> [170.82.4.158] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.82.4.158/; sid:900605582; rev:1;)
alert tcp $HOME_NET any -> [37.29.124.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.29.124.94/; sid:900605583; rev:1;)
alert tcp $HOME_NET any -> [103.239.165.24] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.239.165.24/; sid:900605584; rev:1;)
# 103.146.2.152 is also listed on port 449 under sid:900605549; the address has one rule per port.
alert tcp $HOME_NET any -> [103.146.2.152] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.146.2.152/; sid:900605587; rev:1;)
alert tcp $HOME_NET any -> [103.54.42.218] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.54.42.218/; sid:900605588; rev:1;)
alert tcp $HOME_NET any -> [85.25.134.43] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.25.134.43/; sid:900605589; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.146] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.146/; sid:900605590; rev:1;)
alert tcp $HOME_NET any -> [213.208.134.178] 6516 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.208.134.178/; sid:900605591; rev:1;)
alert tcp $HOME_NET any -> [50.243.30.51] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.243.30.51/; sid:900605592; rev:1;)
alert tcp $HOME_NET any -> [37.247.35.132] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.247.35.132/; sid:900605593; rev:1;)
alert tcp $HOME_NET any -> [162.241.204.234] 6516 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.204.234/; sid:900605595; rev:1;)
alert tcp $HOME_NET any -> [121.199.35.69] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.199.35.69/; sid:900605596; rev:1;)
alert tcp $HOME_NET any -> [185.97.135.164] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.97.135.164/; sid:900605597; rev:1;)
alert tcp $HOME_NET any -> [85.88.174.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.88.174.94/; sid:900605598; rev:1;)
alert tcp $HOME_NET any -> [203.160.59.14] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.160.59.14/; sid:900605601; rev:1;)
alert tcp $HOME_NET any -> [36.66.111.251] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.66.111.251/; sid:900605602; rev:1;)
alert tcp $HOME_NET any -> [216.10.242.142] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.10.242.142/; sid:900605603; rev:1;)
alert tcp $HOME_NET any -> [37.247.35.137] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.247.35.137/; sid:900605604; rev:1;)
alert tcp $HOME_NET any -> [116.251.211.158] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.251.211.158/; sid:900605605; rev:1;)
alert tcp $HOME_NET any -> [103.73.102.174] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.73.102.174/; sid:900605607; rev:1;)
alert tcp $HOME_NET any -> [114.34.226.52] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.34.226.52/; sid:900605609; rev:1;)
alert tcp $HOME_NET any -> [111.235.66.83] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.235.66.83/; sid:900605610; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.186] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.186/; sid:900605612; rev:1;)
alert tcp $HOME_NET any -> [62.64.9.237] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.64.9.237/; sid:900605613; rev:1;)
alert tcp $HOME_NET any -> [190.152.71.230] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.152.71.230/; sid:900605615; rev:1;)
alert tcp $HOME_NET any -> [94.74.133.76] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.74.133.76/; sid:900605616; rev:1;)
alert tcp $HOME_NET any -> [181.191.67.186] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.191.67.186/; sid:900605617; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.135] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.135/; sid:900605618; rev:1;)
alert tcp $HOME_NET any -> [107.180.90.10] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.180.90.10/; sid:900605619; rev:1;)
alert tcp $HOME_NET any -> [31.24.158.56] 7275 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.24.158.56/; sid:900605620; rev:1;)
alert tcp $HOME_NET any -> [167.179.194.205] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.179.194.205/; sid:900605621; rev:1;)
alert tcp $HOME_NET any -> [79.106.115.103] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.106.115.103/; sid:900605622; rev:1;)
alert tcp $HOME_NET any -> [178.33.183.53] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.33.183.53/; sid:900605623; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.166] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.166/; sid:900605624; rev:1;)
alert tcp $HOME_NET any -> [157.7.139.198] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.7.139.198/; sid:900605625; rev:1;)
alert tcp $HOME_NET any -> [144.76.42.74] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.76.42.74/; sid:900605626; rev:1;)
alert tcp $HOME_NET any -> [41.76.108.46] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.76.108.46/; sid:900605627; rev:1;)
alert tcp $HOME_NET any -> [195.154.221.186] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.154.221.186/; sid:900605628; rev:1;)
alert tcp $HOME_NET any -> [153.126.203.229] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.126.203.229/; sid:900605629; rev:1;)
alert tcp $HOME_NET any -> [195.210.28.233] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.210.28.233/; sid:900605632; rev:1;)
alert tcp $HOME_NET any -> [91.235.129.199] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.199/; sid:900605633; rev:1;)
alert tcp $HOME_NET any -> [62.75.168.152] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.168.152/; sid:900605634; rev:1;)
alert tcp $HOME_NET any -> [147.78.186.4] 10051 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.78.186.4/; sid:900605635; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.184] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.184/; sid:900605636; rev:1;)
alert tcp $HOME_NET any -> [174.105.233.82] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.105.233.82/; sid:900605637; rev:1;)
alert tcp $HOME_NET any -> [45.164.80.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.164.80.94/; sid:900605638; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.137] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.137/; sid:900605641; rev:1;)
alert tcp $HOME_NET any -> [199.204.214.26] 7073 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.204.214.26/; sid:900605642; rev:1;)
alert tcp $HOME_NET any -> [95.140.127.82] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.140.127.82/; sid:900605643; rev:1;)
alert tcp $HOME_NET any -> [5.182.210.254] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.254/; sid:900605646; rev:1;)
alert tcp $HOME_NET any -> [219.91.189.17] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.91.189.17/; sid:900605647; rev:1;)
alert tcp $HOME_NET any -> [37.247.35.130] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.247.35.130/; sid:900605648; rev:1;)
alert tcp $HOME_NET any -> [103.18.108.116] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.18.108.116/; sid:900605649; rev:1;)
alert tcp $HOME_NET any -> [36.91.107.247] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.91.107.247/; sid:900605651; rev:1;)
alert tcp $HOME_NET any -> [12.158.156.51] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.158.156.51/; sid:900605652; rev:1;)
alert tcp $HOME_NET any -> [49.231.17.146] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.231.17.146/; sid:900605654; rev:1;)
alert tcp $HOME_NET any -> [216.177.161.118] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.177.161.118/; sid:900605655; rev:1;)
alert tcp $HOME_NET any -> [72.133.71.61] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.133.71.61/; sid:900605656; rev:1;)
alert tcp $HOME_NET any -> [103.26.251.214] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.26.251.214/; sid:900605657; rev:1;)
alert tcp $HOME_NET any -> [98.6.170.206] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.6.170.206/; sid:900605659; rev:1;)
alert tcp $HOME_NET any -> [102.67.74.24] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.67.74.24/; sid:900605660; rev:1;)
alert tcp $HOME_NET any -> [5.2.158.159] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.158.159/; sid:900605661; rev:1;)
alert tcp $HOME_NET any -> [92.245.172.211] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.245.172.211/; sid:900605662; rev:1;)
alert tcp $HOME_NET any -> [176.115.19.84] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/176.115.19.84/; sid:900605663; rev:1;) alert tcp $HOME_NET any -> [76.84.51.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.84.51.10/; sid:900605664; rev:1;) alert tcp $HOME_NET any -> [62.209.206.195] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.209.206.195/; sid:900605665; rev:1;) alert tcp $HOME_NET any -> [85.175.171.246] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.175.171.246/; sid:900605666; rev:1;) alert tcp $HOME_NET any -> [108.55.14.158] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.55.14.158/; sid:900605667; rev:1;) alert tcp $HOME_NET any -> [103.6.213.203] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.6.213.203/; sid:900605668; rev:1;) alert tcp $HOME_NET any -> [46.41.130.218] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.41.130.218/; sid:900605669; rev:1;) alert tcp $HOME_NET any -> [71.66.174.34] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/71.66.174.34/; sid:900605670; rev:1;) alert tcp $HOME_NET any -> [5.189.181.107] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.181.107/; sid:900605671; rev:1;) alert tcp $HOME_NET any -> [198.179.109.238] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.179.109.238/; sid:900605672; rev:1;) alert tcp $HOME_NET any -> [72.2.179.4] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.2.179.4/; sid:900605673; rev:1;) alert tcp $HOME_NET any -> [45.127.134.203] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.127.134.203/; sid:900605674; rev:1;) alert tcp $HOME_NET any -> [41.138.131.67] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.138.131.67/; sid:900605675; rev:1;) alert tcp $HOME_NET any -> [203.112.210.46] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.112.210.46/; sid:900605676; rev:1;) alert tcp $HOME_NET any -> [103.77.205.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/103.77.205.102/; sid:900605677; rev:1;) alert tcp $HOME_NET any -> [116.212.132.111] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.212.132.111/; sid:900605678; rev:1;) alert tcp $HOME_NET any -> [103.110.14.43] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.110.14.43/; sid:900605679; rev:1;) alert tcp $HOME_NET any -> [195.8.114.137] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.8.114.137/; sid:900605680; rev:1;) alert tcp $HOME_NET any -> [88.119.86.75] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.119.86.75/; sid:900605681; rev:1;) alert tcp $HOME_NET any -> [182.160.109.205] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.160.109.205/; sid:900605682; rev:1;) alert tcp $HOME_NET any -> [103.15.140.141] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.15.140.141/; sid:900605683; rev:1;) alert tcp $HOME_NET any -> [45.167.249.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/45.167.249.126/; sid:900605684; rev:1;) alert tcp $HOME_NET any -> [103.138.172.74] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.138.172.74/; sid:900605685; rev:1;) alert tcp $HOME_NET any -> [182.23.81.218] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.23.81.218/; sid:900605686; rev:1;) alert tcp $HOME_NET any -> [45.229.71.211] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.229.71.211/; sid:900605687; rev:1;) alert tcp $HOME_NET any -> [18.195.23.231] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/18.195.23.231/; sid:900605688; rev:1;) alert tcp $HOME_NET any -> [77.220.64.141] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.141/; sid:900605691; rev:1;) alert tcp $HOME_NET any -> [185.229.225.1] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.229.225.1/; sid:900605695; rev:1;) alert tcp $HOME_NET any -> [210.65.244.174] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/210.65.244.174/; sid:900605696; rev:1;) alert tcp $HOME_NET any -> [159.8.59.84] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.8.59.84/; sid:900605699; rev:1;) alert tcp $HOME_NET any -> [196.41.57.46] 80 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.41.57.46/; sid:900605701; rev:1;) alert tcp $HOME_NET any -> [216.10.251.121] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.10.251.121/; sid:900605702; rev:1;) alert tcp $HOME_NET any -> [98.142.187.233] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.142.187.233/; sid:900605704; rev:1;) alert tcp $HOME_NET any -> [162.241.54.59] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.54.59/; sid:900605711; rev:1;) alert tcp $HOME_NET any -> [45.58.56.12] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.58.56.12/; sid:900605712; rev:1;) alert tcp $HOME_NET any -> [51.91.76.89] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/51.91.76.89/; sid:900605713; rev:1;) alert tcp $HOME_NET any -> [173.81.4.147] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.81.4.147/; sid:900605714; rev:1;) alert tcp $HOME_NET any -> [5.59.205.32] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.59.205.32/; sid:900605715; rev:1;) alert tcp $HOME_NET any -> [161.132.187.158] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.132.187.158/; sid:900605716; rev:1;) alert tcp $HOME_NET any -> [98.142.187.174] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.142.187.174/; sid:900605719; rev:1;) alert tcp $HOME_NET any -> [80.211.33.13] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.211.33.13/; sid:900605722; rev:1;) alert tcp $HOME_NET any -> [185.148.168.220] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.168.220/; sid:900605724; rev:1;) alert tcp $HOME_NET any -> [188.18.7.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/188.18.7.133/; sid:900605725; rev:1;) alert tcp $HOME_NET any -> [63.249.67.70] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.249.67.70/; sid:900605726; rev:1;) alert tcp $HOME_NET any -> [131.100.24.199] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.199/; sid:900605727; rev:1;) alert tcp $HOME_NET any -> [31.148.29.153] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.148.29.153/; sid:900605728; rev:1;) alert tcp $HOME_NET any -> [94.28.78.200] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.28.78.200/; sid:900605729; rev:1;) alert tcp $HOME_NET any -> [181.143.251.154] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.251.154/; sid:900605730; rev:1;) alert tcp $HOME_NET any -> [202.131.227.226] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.131.227.226/; sid:900605732; rev:1;) alert tcp $HOME_NET any -> [200.105.134.99] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/200.105.134.99/; sid:900605734; rev:1;) alert tcp $HOME_NET any -> [62.213.14.166] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.213.14.166/; sid:900605735; rev:1;) alert tcp $HOME_NET any -> [103.76.150.14] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.76.150.14/; sid:900605736; rev:1;) alert tcp $HOME_NET any -> [41.77.134.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.77.134.250/; sid:900605737; rev:1;) alert tcp $HOME_NET any -> [78.158.171.245] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.158.171.245/; sid:900605739; rev:1;) alert tcp $HOME_NET any -> [103.82.146.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.82.146.212/; sid:900605740; rev:1;) alert tcp $HOME_NET any -> [172.93.133.123] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.93.133.123/; sid:900605743; rev:1;) alert tcp $HOME_NET any -> [108.168.61.147] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/108.168.61.147/; sid:900605744; rev:1;) alert tcp $HOME_NET any -> [123.200.26.246] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.200.26.246/; sid:900605745; rev:1;) alert tcp $HOME_NET any -> [34.205.48.95] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/34.205.48.95/; sid:900605747; rev:1;) alert tcp $HOME_NET any -> [94.53.130.195] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.53.130.195/; sid:900605748; rev:1;) alert tcp $HOME_NET any -> [77.232.163.203] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.232.163.203/; sid:900605750; rev:1;) alert tcp $HOME_NET any -> [87.97.178.92] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.97.178.92/; sid:900605751; rev:1;) alert tcp $HOME_NET any -> [91.243.125.5] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.243.125.5/; sid:900605752; rev:1;) alert tcp $HOME_NET any -> [181.143.251.154] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/181.143.251.154/; sid:900605753; rev:1;) alert tcp $HOME_NET any -> [185.94.172.15] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.94.172.15/; sid:900605754; rev:1;) alert tcp $HOME_NET any -> [163.53.83.117] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.53.83.117/; sid:900605755; rev:1;) alert tcp $HOME_NET any -> [202.131.227.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.131.227.229/; sid:900605756; rev:1;) alert tcp $HOME_NET any -> [180.178.109.222] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.178.109.222/; sid:900605757; rev:1;) alert tcp $HOME_NET any -> [156.19.152.218] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.19.152.218/; sid:900605759; rev:1;) alert tcp $HOME_NET any -> [72.249.22.245] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.249.22.245/; sid:900605763; rev:1;) alert tcp $HOME_NET any -> [8.210.53.215] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/8.210.53.215/; sid:900605764; rev:1;) alert tcp $HOME_NET any -> [131.100.24.192] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.192/; sid:900605765; rev:1;) alert tcp $HOME_NET any -> [87.97.178.92] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.97.178.92/; sid:900605766; rev:1;) alert tcp $HOME_NET any -> [170.233.120.53] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.233.120.53/; sid:900605770; rev:1;) alert tcp $HOME_NET any -> [62.75.251.60] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.251.60/; sid:900605771; rev:1;) alert tcp $HOME_NET any -> [185.148.168.25] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.168.25/; sid:900605772; rev:1;) alert tcp $HOME_NET any -> [50.116.27.97] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.27.97/; sid:900605773; rev:1;) alert tcp $HOME_NET any -> [159.203.93.122] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/159.203.93.122/; sid:900605774; rev:1;) alert tcp $HOME_NET any -> [131.100.24.230] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.230/; sid:900605775; rev:1;) alert tcp $HOME_NET any -> [51.91.156.39] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.91.156.39/; sid:900605777; rev:1;) alert tcp $HOME_NET any -> [67.196.50.240] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.196.50.240/; sid:900605778; rev:1;) alert tcp $HOME_NET any -> [154.79.244.182] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.79.244.182/; sid:900605780; rev:1;) alert tcp $HOME_NET any -> [131.0.112.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.0.112.122/; sid:900605781; rev:1;) alert tcp $HOME_NET any -> [181.176.161.143] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.176.161.143/; sid:900605782; rev:1;) alert tcp $HOME_NET any -> [178.254.161.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/178.254.161.250/; sid:900605783; rev:1;) alert tcp $HOME_NET any -> [178.134.47.166] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.134.47.166/; sid:900605784; rev:1;) alert tcp $HOME_NET any -> [154.79.245.158] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.79.245.158/; sid:900605785; rev:1;) alert tcp $HOME_NET any -> [154.79.251.172] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.79.251.172/; sid:900605786; rev:1;) alert tcp $HOME_NET any -> [178.72.192.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.72.192.20/; sid:900605787; rev:1;) alert tcp $HOME_NET any -> [158.181.179.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.181.179.229/; sid:900605788; rev:1;) alert tcp $HOME_NET any -> [139.255.116.42] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.116.42/; sid:900605789; rev:1;) alert tcp $HOME_NET any -> [185.148.168.240] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/185.148.168.240/; sid:900605797; rev:1;) alert tcp $HOME_NET any -> [162.216.125.131] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.216.125.131/; sid:900605798; rev:1;) alert tcp $HOME_NET any -> [193.200.130.178] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.200.130.178/; sid:900605799; rev:1;) alert tcp $HOME_NET any -> [195.9.232.252] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.9.232.252/; sid:900605801; rev:1;) alert tcp $HOME_NET any -> [185.148.168.26] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.168.26/; sid:900605802; rev:1;) alert tcp $HOME_NET any -> [78.46.73.125] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.46.73.125/; sid:900605803; rev:1;) alert tcp $HOME_NET any -> [193.47.240.8] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.47.240.8/; sid:900605804; rev:1;) alert tcp $HOME_NET any -> [153.126.165.175] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/153.126.165.175/; sid:900605805; rev:1;) alert tcp $HOME_NET any -> [188.226.199.7] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.226.199.7/; sid:900605806; rev:1;) alert tcp $HOME_NET any -> [46.101.216.218] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.216.218/; sid:900605807; rev:1;) alert tcp $HOME_NET any -> [178.254.33.197] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.33.197/; sid:900605808; rev:1;) alert tcp $HOME_NET any -> [167.114.113.13] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.114.113.13/; sid:900605813; rev:1;) alert tcp $HOME_NET any -> [193.200.130.181] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.200.130.181/; sid:900605814; rev:1;) alert tcp $HOME_NET any -> [67.207.83.96] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.207.83.96/; sid:900605815; rev:1;) alert tcp $HOME_NET any -> [45.55.134.126] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/45.55.134.126/; sid:900605816; rev:1;) alert tcp $HOME_NET any -> [190.152.4.202] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.152.4.202/; sid:900605817; rev:1;) alert tcp $HOME_NET any -> [103.54.41.193] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.54.41.193/; sid:900605821; rev:1;) alert tcp $HOME_NET any -> [210.65.244.183] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.183/; sid:900605822; rev:1;) alert tcp $HOME_NET any -> [210.65.244.176] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.176/; sid:900605823; rev:1;) alert tcp $HOME_NET any -> [37.34.58.210] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.34.58.210/; sid:900605824; rev:1;) alert tcp $HOME_NET any -> [210.65.244.179] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.179/; sid:900605825; rev:1;) alert tcp $HOME_NET any -> [117.54.250.246] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/117.54.250.246/; sid:900605826; rev:1;) alert tcp $HOME_NET any -> [131.100.24.215] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.215/; sid:900605827; rev:1;) alert tcp $HOME_NET any -> [146.185.170.249] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.170.249/; sid:900605828; rev:1;) alert tcp $HOME_NET any -> [210.65.244.182] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.182/; sid:900605829; rev:1;) alert tcp $HOME_NET any -> [103.111.199.76] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.111.199.76/; sid:900605830; rev:1;) alert tcp $HOME_NET any -> [131.100.24.231] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.231/; sid:900605831; rev:1;) alert tcp $HOME_NET any -> [115.73.211.230] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.73.211.230/; sid:900605832; rev:1;) alert tcp $HOME_NET any -> [188.40.137.206] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/188.40.137.206/; sid:900605833; rev:1;) alert tcp $HOME_NET any -> [131.100.24.217] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.217/; sid:900605834; rev:1;) alert tcp $HOME_NET any -> [103.9.77.211] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.9.77.211/; sid:900605835; rev:1;) alert tcp $HOME_NET any -> [210.65.244.169] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.169/; sid:900605836; rev:1;) alert tcp $HOME_NET any -> [94.247.168.64] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.247.168.64/; sid:900605837; rev:1;) alert tcp $HOME_NET any -> [162.144.34.234] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.34.234/; sid:900605838; rev:1;) alert tcp $HOME_NET any -> [162.144.76.184] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.76.184/; sid:900605839; rev:1;) alert tcp $HOME_NET any -> [198.20.253.36] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/198.20.253.36/; sid:900605840; rev:1;) alert tcp $HOME_NET any -> [159.8.59.82] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.8.59.82/; sid:900605841; rev:1;) alert tcp $HOME_NET any -> [66.113.160.126] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.113.160.126/; sid:900605842; rev:1;) alert tcp $HOME_NET any -> [95.138.161.226] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.138.161.226/; sid:900605843; rev:1;) alert tcp $HOME_NET any -> [131.100.24.202] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.202/; sid:900605844; rev:1;) alert tcp $HOME_NET any -> [193.160.214.95] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.160.214.95/; sid:900605845; rev:1;) alert tcp $HOME_NET any -> [67.43.4.76] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.43.4.76/; sid:900605846; rev:1;) alert tcp $HOME_NET any -> [185.138.78.73] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/185.138.78.73/; sid:900605851; rev:1;) alert tcp $HOME_NET any -> [82.165.145.100] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.165.145.100/; sid:900605853; rev:1;) alert tcp $HOME_NET any -> [203.114.109.124] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.114.109.124/; sid:900605854; rev:1;) alert tcp $HOME_NET any -> [94.177.255.18] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.255.18/; sid:900605855; rev:1;) alert tcp $HOME_NET any -> [91.191.172.125] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.191.172.125/; sid:900605856; rev:1;) alert tcp $HOME_NET any -> [218.38.136.5] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.38.136.5/; sid:900605857; rev:1;) alert tcp $HOME_NET any -> [194.5.249.143] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.143/; sid:900605860; rev:1;) alert tcp $HOME_NET any -> [162.241.209.225] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/162.241.209.225/; sid:900605862; rev:1;) alert tcp $HOME_NET any -> [82.209.17.209] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.209.17.209/; sid:900605863; rev:1;) alert tcp $HOME_NET any -> [43.229.206.212] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.229.206.212/; sid:900605864; rev:1;) alert tcp $HOME_NET any -> [1.234.20.244] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.234.20.244/; sid:900605866; rev:1;) alert tcp $HOME_NET any -> [45.123.40.54] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.123.40.54/; sid:900605867; rev:1;) alert tcp $HOME_NET any -> [180.250.21.2] 13721 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.250.21.2/; sid:900605868; rev:1;) alert tcp $HOME_NET any -> [1.234.21.73] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.234.21.73/; sid:900605871; rev:1;) alert tcp $HOME_NET any -> [178.128.23.9] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/178.128.23.9/; sid:900605872; rev:1;) alert tcp $HOME_NET any -> [77.72.145.112] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.72.145.112/; sid:900605875; rev:1;) alert tcp $HOME_NET any -> [128.199.200.38] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.200.38/; sid:900605876; rev:1;) alert tcp $HOME_NET any -> [192.163.233.216] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.163.233.216/; sid:900605877; rev:1;) alert tcp $HOME_NET any -> [43.229.206.244] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.229.206.244/; sid:900605878; rev:1;) alert tcp $HOME_NET any -> [46.254.128.174] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.254.128.174/; sid:900605881; rev:1;) alert tcp $HOME_NET any -> [162.241.41.92] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.41.92/; sid:900605883; rev:1;) alert tcp $HOME_NET any -> [210.65.244.187] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/210.65.244.187/; sid:900605885; rev:1;) alert tcp $HOME_NET any -> [185.183.159.100] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.159.100/; sid:900605886; rev:1;) alert tcp $HOME_NET any -> [185.242.89.198] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.242.89.198/; sid:900605888; rev:1;) alert tcp $HOME_NET any -> [181.176.221.151] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.176.221.151/; sid:900605891; rev:1;) alert tcp $HOME_NET any -> [181.176.174.139] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.176.174.139/; sid:900605892; rev:1;) alert tcp $HOME_NET any -> [185.242.88.63] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.242.88.63/; sid:900605893; rev:1;) alert tcp $HOME_NET any -> [186.32.3.108] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.32.3.108/; sid:900605894; rev:1;) alert tcp $HOME_NET any -> [185.80.92.160] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/185.80.92.160/; sid:900605898; rev:1;) alert tcp $HOME_NET any -> [180.250.21.5] 13721 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.250.21.5/; sid:900605900; rev:1;) alert tcp $HOME_NET any -> [197.254.14.238] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.254.14.238/; sid:900605901; rev:1;) alert tcp $HOME_NET any -> [144.48.139.206] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.48.139.206/; sid:900605902; rev:1;) alert tcp $HOME_NET any -> [27.72.107.215] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.72.107.215/; sid:900605903; rev:1;) alert tcp $HOME_NET any -> [201.23.76.18] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.23.76.18/; sid:900605904; rev:1;) alert tcp $HOME_NET any -> [185.189.55.207] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.189.55.207/; sid:900605905; rev:1;) alert tcp $HOME_NET any -> [196.43.106.38] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/196.43.106.38/; sid:900605906; rev:1;) alert tcp $HOME_NET any -> [190.110.179.139] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.110.179.139/; sid:900605907; rev:1;) alert tcp $HOME_NET any -> [37.228.70.134] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.70.134/; sid:900605908; rev:1;) alert tcp $HOME_NET any -> [185.9.187.10] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.9.187.10/; sid:900605909; rev:1;) alert tcp $HOME_NET any -> [91.235.129.79] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.79/; sid:900605910; rev:1;) alert tcp $HOME_NET any -> [128.199.182.253] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.182.253/; sid:900605911; rev:1;) alert tcp $HOME_NET any -> [14.241.244.60] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.241.244.60/; sid:900605912; rev:1;) alert tcp $HOME_NET any -> [196.41.57.46] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/196.41.57.46/; sid:900605914; rev:1;) alert tcp $HOME_NET any -> [103.164.180.66] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.164.180.66/; sid:900605915; rev:1;) alert tcp $HOME_NET any -> [109.207.165.40] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.207.165.40/; sid:900605916; rev:1;) alert tcp $HOME_NET any -> [212.200.25.118] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.200.25.118/; sid:900605917; rev:1;) alert tcp $HOME_NET any -> [181.167.217.53] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.167.217.53/; sid:900605918; rev:1;) alert tcp $HOME_NET any -> [186.97.172.178] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.97.172.178/; sid:900605919; rev:1;) alert tcp $HOME_NET any -> [186.66.15.10] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.66.15.10/; sid:900605920; rev:1;) alert tcp $HOME_NET any -> [181.129.116.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/181.129.116.58/; sid:900605921; rev:1;) alert tcp $HOME_NET any -> [177.67.137.111] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.67.137.111/; sid:900605922; rev:1;) alert tcp $HOME_NET any -> [189.206.78.155] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.206.78.155/; sid:900605924; rev:1;) alert tcp $HOME_NET any -> [45.229.71.211] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.229.71.211/; sid:900605925; rev:1;) alert tcp $HOME_NET any -> [181.129.242.202] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.242.202/; sid:900605926; rev:1;) alert tcp $HOME_NET any -> [202.166.196.111] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.166.196.111/; sid:900605927; rev:1;) alert tcp $HOME_NET any -> [187.19.167.233] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.19.167.233/; sid:900605928; rev:1;) alert tcp $HOME_NET any -> [186.225.63.18] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/186.225.63.18/; sid:900605929; rev:1;) alert tcp $HOME_NET any -> [43.245.216.116] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.245.216.116/; sid:900605930; rev:1;) alert tcp $HOME_NET any -> [202.138.242.7] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.138.242.7/; sid:900605931; rev:1;) alert tcp $HOME_NET any -> [144.48.138.213] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.48.138.213/; sid:900605932; rev:1;) alert tcp $HOME_NET any -> [36.94.100.202] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.100.202/; sid:900605933; rev:1;) alert tcp $HOME_NET any -> [36.94.27.124] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.27.124/; sid:900605934; rev:1;) alert tcp $HOME_NET any -> [45.178.142.14] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.178.142.14/; sid:900605935; rev:1;) alert tcp $HOME_NET any -> [49.156.34.134] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/49.156.34.134/; sid:900605936; rev:1;) alert tcp $HOME_NET any -> [203.114.109.114] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.114.109.114/; sid:900605937; rev:1;) alert tcp $HOME_NET any -> [190.109.204.126] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.109.204.126/; sid:900605938; rev:1;) alert tcp $HOME_NET any -> [103.124.145.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.124.145.98/; sid:900605940; rev:1;) alert tcp $HOME_NET any -> [85.248.1.126] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.248.1.126/; sid:900605941; rev:1;) alert tcp $HOME_NET any -> [94.183.237.101] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.183.237.101/; sid:900605942; rev:1;) alert tcp $HOME_NET any -> [114.7.240.222] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.7.240.222/; sid:900605943; rev:1;) alert tcp $HOME_NET any -> [89.37.1.2] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/89.37.1.2/; sid:900605944; rev:1;) alert tcp $HOME_NET any -> [94.142.179.77] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.142.179.77/; sid:900605945; rev:1;) alert tcp $HOME_NET any -> [146.196.121.219] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.196.121.219/; sid:900605946; rev:1;) alert tcp $HOME_NET any -> [94.142.179.179] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.142.179.179/; sid:900605947; rev:1;) alert tcp $HOME_NET any -> [85.175.171.246] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.175.171.246/; sid:900605948; rev:1;) alert tcp $HOME_NET any -> [177.221.39.161] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.221.39.161/; sid:900605949; rev:1;) alert tcp $HOME_NET any -> [46.209.140.220] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.209.140.220/; sid:900605950; rev:1;) alert tcp $HOME_NET any -> [88.150.240.129] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/88.150.240.129/; sid:900605951; rev:1;)
# Rule shape used by every entry below: alert on TCP traffic from $HOME_NET
# (any source port) to one listed IP address and destination port.
# The rules carry no payload, TLS or flow keywords, so a hit shows only that an
# internal host sent traffic to the listed address; the family named in msg is
# the feed's attribution for that address, not something matched in the packet.
# "threshold: type limit, track by_src, seconds 60, count 1" caps each rule at
# one alert per source address per 60 seconds.
# Triage note: a listed address may since have been cleaned up or reassigned.
# Check the rule's reference URL for the entry's current status and corroborate
# with host telemetry before treating an alert as a confirmed infection.
alert tcp $HOME_NET any -> [123.231.149.123] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.231.149.123/; sid:900605952; rev:1;)
alert tcp $HOME_NET any -> [103.101.104.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.101.104.229/; sid:900605953; rev:1;)
alert tcp $HOME_NET any -> [116.0.6.110] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.0.6.110/; sid:900605954; rev:1;)
alert tcp $HOME_NET any -> [182.160.116.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.160.116.190/; sid:900605955; rev:1;)
alert tcp $HOME_NET any -> [103.242.104.68] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.242.104.68/; sid:900605956; rev:1;)
alert tcp $HOME_NET any -> [180.178.106.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.178.106.50/; sid:900605957; rev:1;)
alert tcp $HOME_NET any -> [103.12.160.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.12.160.164/; sid:900605958; rev:1;)
alert tcp $HOME_NET any -> [91.83.88.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.83.88.122/; sid:900605960; rev:1;)
alert tcp $HOME_NET any -> [186.42.253.110] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.42.253.110/; sid:900605961; rev:1;)
alert tcp $HOME_NET any -> [104.238.138.234] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.238.138.234/; sid:900605964; rev:1;)
alert tcp $HOME_NET any -> [95.85.255.220] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.85.255.220/; sid:900605965; rev:1;)
alert tcp $HOME_NET any -> [94.23.86.141] 13783 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.86.141/; sid:900605966; rev:1;)
alert tcp $HOME_NET any -> [62.75.161.205] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.161.205/; sid:900605967; rev:1;)
alert tcp $HOME_NET any -> [162.214.188.105] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.214.188.105/; sid:900605968; rev:1;)
alert tcp $HOME_NET any -> [162.214.106.107] 13783 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.214.106.107/; sid:900605970; rev:1;)
alert tcp $HOME_NET any -> [190.214.44.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.214.44.58/; sid:900605972; rev:1;)
alert tcp $HOME_NET any -> [51.77.82.110] 9987 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.82.110/; sid:900605973; rev:1;)
alert tcp $HOME_NET any -> [207.210.192.60] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.210.192.60/; sid:900605974; rev:1;)
alert tcp $HOME_NET any -> [159.69.237.186] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.69.237.186/; sid:900605975; rev:1;)
alert tcp $HOME_NET any -> [116.212.152.225] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.212.152.225/; sid:900605977; rev:1;)
alert tcp $HOME_NET any -> [157.245.231.228] 6051 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.245.231.228/; sid:900605978; rev:1;)
alert tcp $HOME_NET any -> [45.79.91.89] 9987 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.91.89/; sid:900605979; rev:1;)
alert tcp $HOME_NET any -> [45.158.199.220] 30333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.158.199.220/; sid:900605980; rev:1;)
alert tcp $HOME_NET any -> [199.204.214.52] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.204.214.52/; sid:900605981; rev:1;)
alert tcp $HOME_NET any -> [45.233.146.114] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.233.146.114/; sid:900605982; rev:1;)
alert tcp $HOME_NET any -> [91.200.186.229] 19226 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.200.186.229/; sid:900605983; rev:1;)
alert tcp $HOME_NET any -> [128.199.36.62] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.36.62/; sid:900605984; rev:1;)
alert tcp $HOME_NET any -> [50.116.54.215] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.54.215/; sid:900605985; rev:1;)
alert tcp $HOME_NET any -> [142.93.223.149] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.223.149/; sid:900605986; rev:1;)
alert tcp $HOME_NET any -> [162.214.127.16] 6051 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.214.127.16/; sid:900605987; rev:1;)
alert tcp $HOME_NET any -> [177.154.161.246] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.154.161.246/; sid:900605988; rev:1;)
alert tcp $HOME_NET any -> [144.202.49.155] 19226 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.49.155/; sid:900605989; rev:1;)
alert tcp $HOME_NET any -> [103.102.220.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.102.220.50/; sid:900605998; rev:1;)
alert tcp $HOME_NET any -> [177.84.63.252] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.84.63.252/; sid:900606007; rev:1;)
alert tcp $HOME_NET any -> [185.119.120.213] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.119.120.213/; sid:900606013; rev:1;)
alert tcp $HOME_NET any -> [83.220.115.230] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.220.115.230/; sid:900606014; rev:1;)
alert tcp $HOME_NET any -> [189.195.96.238] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.195.96.238/; sid:900606023; rev:1;)
alert tcp $HOME_NET any -> [115.127.160.171] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.127.160.171/; sid:900606026; rev:1;)
alert tcp $HOME_NET any -> [186.46.28.202] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.46.28.202/; sid:900606027; rev:1;)
alert tcp $HOME_NET any -> [91.235.129.8] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.8/; sid:900606030; rev:1;)
alert tcp $HOME_NET any -> [103.242.104.43] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.242.104.43/; sid:900606031; rev:1;)
alert tcp $HOME_NET any -> [181.112.157.42] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.112.157.42/; sid:900606032; rev:1;)
alert tcp $HOME_NET any -> [97.83.40.67] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.83.40.67/; sid:900606034; rev:1;)
alert tcp $HOME_NET any -> [139.59.59.242] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.59.242/; sid:900606035; rev:1;)
alert tcp $HOME_NET any -> [91.207.28.33] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.207.28.33/; sid:900606036; rev:1;)
alert tcp $HOME_NET any -> [178.128.197.110] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.197.110/; sid:900606037; rev:1;)
alert tcp $HOME_NET any -> [91.191.172.124] 13783 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.191.172.124/; sid:900606038; rev:1;)
alert tcp $HOME_NET any -> [12.23.113.92] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.23.113.92/; sid:900606039; rev:1;)
alert tcp $HOME_NET any -> [50.249.212.98] 23399 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.249.212.98/; sid:900606040; rev:1;)
alert tcp $HOME_NET any -> [144.76.1.150] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.76.1.150/; sid:900606041; rev:1;)
alert tcp $HOME_NET any -> [104.168.154.79] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.154.79/; sid:900606042; rev:1;)
alert tcp $HOME_NET any -> [185.189.55.207] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.189.55.207/; sid:900606043; rev:1;)
alert tcp $HOME_NET any -> [12.23.113.25] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.23.113.25/; sid:900606045; rev:1;)
alert tcp $HOME_NET any -> [209.33.231.203] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.33.231.203/; sid:900606046; rev:1;)
alert tcp $HOME_NET any -> [174.47.92.130] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.47.92.130/; sid:900606047; rev:1;)
alert tcp $HOME_NET any -> [178.156.77.176] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.156.77.176/; sid:900606048; rev:1;)
alert tcp $HOME_NET any -> [72.47.4.61] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.47.4.61/; sid:900606049; rev:1;)
alert tcp $HOME_NET any -> [80.59.193.237] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.59.193.237/; sid:900606050; rev:1;)
alert tcp $HOME_NET any -> [71.78.79.138] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.79.138/; sid:900606051; rev:1;)
alert tcp $HOME_NET any -> [71.78.136.194] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.136.194/; sid:900606052; rev:1;)
alert tcp $HOME_NET any -> [71.78.156.115] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.156.115/; sid:900606053; rev:1;)
alert tcp $HOME_NET any -> [74.218.165.159] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.218.165.159/; sid:900606054; rev:1;)
alert tcp $HOME_NET any -> [70.117.40.230] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.117.40.230/; sid:900606055; rev:1;)
alert tcp $HOME_NET any -> [72.131.205.22] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.131.205.22/; sid:900606056; rev:1;)
alert tcp $HOME_NET any -> [94.228.90.140] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.228.90.140/; sid:900606057; rev:1;)
alert tcp $HOME_NET any -> [95.170.11.5] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.170.11.5/; sid:900606058; rev:1;)
alert tcp $HOME_NET any -> [12.23.113.61] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.23.113.61/; sid:900606059; rev:1;)
alert tcp $HOME_NET any -> [178.156.77.177] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.156.77.177/; sid:900606060; rev:1;)
alert tcp $HOME_NET any -> [185.162.1.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.162.1.250/; sid:900606061; rev:1;)
alert tcp $HOME_NET any -> [184.74.38.22] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.74.38.22/; sid:900606062; rev:1;)
alert tcp $HOME_NET any -> [188.27.238.63] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.27.238.63/; sid:900606063; rev:1;)
alert tcp $HOME_NET any -> [216.251.86.132] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.251.86.132/; sid:900606064; rev:1;)
alert tcp $HOME_NET any -> [71.78.139.154] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.139.154/; sid:900606065; rev:1;)
alert tcp $HOME_NET any -> [71.78.188.14] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.188.14/; sid:900606066; rev:1;)
alert tcp $HOME_NET any -> [71.78.209.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.209.122/; sid:900606067; rev:1;)
alert tcp $HOME_NET any -> [71.78.65.54] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.65.54/; sid:900606068; rev:1;)
alert tcp $HOME_NET any -> [77.241.196.234] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.241.196.234/; sid:900606069; rev:1;)
alert tcp $HOME_NET any -> [85.187.252.141] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.187.252.141/; sid:900606070; rev:1;)
alert tcp $HOME_NET any -> [89.186.8.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.186.8.250/; sid:900606071; rev:1;)
alert tcp $HOME_NET any -> [80.83.172.132] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.83.172.132/; sid:900606072; rev:1;)
alert tcp $HOME_NET any -> [148.235.154.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.235.154.164/; sid:900606073; rev:1;)
alert tcp $HOME_NET any -> [185.81.51.44] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.81.51.44/; sid:900606074; rev:1;)
alert tcp $HOME_NET any -> [190.145.83.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.145.83.98/; sid:900606075; rev:1;)
alert tcp $HOME_NET any -> [38.110.103.19] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.110.103.19/; sid:900606076; rev:1;)
alert tcp $HOME_NET any -> [41.77.185.182] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.77.185.182/; sid:900606080; rev:1;)
alert tcp $HOME_NET any -> [203.176.138.46] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.176.138.46/; sid:900606085; rev:1;)
alert tcp $HOME_NET any -> [181.176.221.243] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.176.221.243/; sid:900606086; rev:1;)
alert tcp $HOME_NET any -> [162.243.237.209] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.243.237.209/; sid:900606087; rev:1;)
alert tcp $HOME_NET any -> [81.0.236.71] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.0.236.71/; sid:900606088; rev:1;)
alert tcp $HOME_NET any -> [178.79.150.86] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.79.150.86/; sid:900606089; rev:1;)
alert tcp $HOME_NET any -> [74.85.157.139] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.85.157.139/; sid:900606091; rev:1;)
alert tcp $HOME_NET any -> [177.10.90.29] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.10.90.29/; sid:900606093; rev:1;)
alert tcp $HOME_NET any -> [45.239.234.2] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.239.234.2/; sid:900606094; rev:1;)
alert tcp $HOME_NET any -> [41.57.156.203] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.57.156.203/; sid:900606095; rev:1;)
alert tcp $HOME_NET any -> [95.111.235.8] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.111.235.8/; sid:900606097; rev:1;)
alert tcp $HOME_NET any -> [103.42.57.18] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.42.57.18/; sid:900606098; rev:1;)
alert tcp $HOME_NET any -> [115.68.220.48] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.68.220.48/; sid:900606099; rev:1;)
alert tcp $HOME_NET any -> [45.201.136.3] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.201.136.3/; sid:900606100; rev:1;)
alert tcp $HOME_NET any -> [14.232.161.45] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.232.161.45/; sid:900606102; rev:1;)
alert tcp $HOME_NET any -> [220.82.64.198] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.82.64.198/; sid:900606103; rev:1;)
alert tcp $HOME_NET any -> [45.239.233.131] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.239.233.131/; sid:900606104; rev:1;)
alert tcp $HOME_NET any -> [196.216.59.174] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.216.59.174/; sid:900606105; rev:1;)
alert tcp $HOME_NET any -> [113.160.132.237] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.160.132.237/; sid:900606106; rev:1;)
alert tcp $HOME_NET any -> [202.165.47.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.165.47.106/; sid:900606107; rev:1;)
alert tcp $HOME_NET any -> [181.114.215.239] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.114.215.239/; sid:900606108; rev:1;)
alert tcp $HOME_NET any -> [105.30.26.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.30.26.50/; sid:900606109; rev:1;)
alert tcp $HOME_NET any -> [222.124.16.74] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.124.16.74/; sid:900606110; rev:1;)
alert tcp $HOME_NET any -> [186.225.119.170] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.225.119.170/; sid:900606113; rev:1;)
alert tcp $HOME_NET any -> [200.236.218.62] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.236.218.62/; sid:900606114; rev:1;)
alert tcp $HOME_NET any -> [49.248.217.170] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.248.217.170/; sid:900606115; rev:1;)
alert tcp $HOME_NET any -> [119.202.8.249] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.202.8.249/; sid:900606116; rev:1;)
alert tcp $HOME_NET any -> [103.122.228.44] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.122.228.44/; sid:900606117; rev:1;)
alert tcp $HOME_NET any -> [143.0.208.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.0.208.20/; sid:900606118; rev:1;)
alert tcp $HOME_NET any -> [38.110.100.104] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.110.100.104/; sid:900606122; rev:1;)
alert tcp $HOME_NET any -> [45.36.99.184] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.36.99.184/; sid:900606124; rev:1;)
alert tcp $HOME_NET any -> [24.162.214.166] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.162.214.166/; sid:900606127; rev:1;)
alert tcp $HOME_NET any -> [184.74.99.214] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.74.99.214/; sid:900606128; rev:1;)
alert tcp $HOME_NET any -> [62.99.76.213] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.99.76.213/; sid:900606129; rev:1;)
alert tcp $HOME_NET any -> [38.110.100.33] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.110.100.33/; sid:900606131; rev:1;)
alert tcp $HOME_NET any -> [170.238.117.187] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.238.117.187/; sid:900606132; rev:1;)
alert tcp $HOME_NET any -> [5.34.74.210] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.74.210/; sid:900606134; rev:1;)
alert tcp $HOME_NET any -> [31.207.89.74] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.207.89.74/; sid:900606135; rev:1;)
alert tcp $HOME_NET any -> [167.172.119.42] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.172.119.42/; sid:900606136; rev:1;)
alert tcp $HOME_NET any -> [50.116.23.195] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.23.195/; sid:900606137; rev:1;)
alert tcp $HOME_NET any -> [66.62.113.113] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.62.113.113/; sid:900606140; rev:1;)
alert tcp $HOME_NET any -> [190.197.55.254] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.197.55.254/; sid:900606141; rev:1;)
alert tcp $HOME_NET any -> [190.61.43.241] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.61.43.241/; sid:900606144; rev:1;)
alert tcp $HOME_NET any -> [201.55.206.238] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.55.206.238/; sid:900606146; rev:1;)
alert tcp $HOME_NET any -> [85.87.148.200] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.87.148.200/; sid:900606147; rev:1;)
alert tcp $HOME_NET any -> [190.144.10.242] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.144.10.242/; sid:900606150; rev:1;)
alert tcp $HOME_NET any -> [142.4.219.173] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.4.219.173/; sid:900606151; rev:1;)
alert tcp $HOME_NET any -> [176.31.117.84] 9443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.31.117.84/; sid:900606155; rev:1;)
alert tcp $HOME_NET any -> [85.187.234.15] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.187.234.15/; sid:900606156; rev:1;)
alert tcp $HOME_NET any -> [204.138.26.220] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.138.26.220/; sid:900606157; rev:1;)
alert tcp $HOME_NET any -> [182.253.106.35] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.253.106.35/; sid:900606160; rev:1;)
alert tcp $HOME_NET any -> [213.159.208.145] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.159.208.145/; sid:900606162; rev:1;)
alert tcp $HOME_NET any -> [172.105.110.194] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.110.194/; sid:900606163; rev:1;)
alert tcp $HOME_NET any -> [51.75.77.27] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.77.27/; sid:900606164; rev:1;)
alert tcp $HOME_NET any -> [138.197.133.25] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.133.25/; sid:900606165; rev:1;)
alert tcp $HOME_NET any -> [87.106.97.83] 7880 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.97.83/; sid:900606168; rev:1;)
alert tcp $HOME_NET any -> [54.191.98.150] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.191.98.150/; sid:900606169; rev:1;)
alert tcp $HOME_NET any -> [209.44.106.71] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.44.106.71/; sid:900606170; rev:1;)
alert tcp $HOME_NET any -> [54.37.106.167] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.106.167/; sid:900606171; rev:1;)
alert tcp $HOME_NET any -> [207.58.132.19] 9443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.58.132.19/; sid:900606172; rev:1;)
alert tcp $HOME_NET any -> [107.170.211.239] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.170.211.239/; sid:900606173; rev:1;)
alert tcp $HOME_NET any -> [150.95.20.209] 3978 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.95.20.209/; sid:900606174; rev:1;)
alert tcp $HOME_NET any -> [164.68.126.207] 23399 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/164.68.126.207/; sid:900606175; rev:1;) alert tcp $HOME_NET any -> [37.59.103.148] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.59.103.148/; sid:900606178; rev:1;) alert tcp $HOME_NET any -> [43.229.206.214] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.229.206.214/; sid:900606179; rev:1;) alert tcp $HOME_NET any -> [79.143.186.143] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.143.186.143/; sid:900606180; rev:1;) alert tcp $HOME_NET any -> [195.9.84.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.9.84.106/; sid:900606181; rev:1;) alert tcp $HOME_NET any -> [104.168.155.113] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.155.113/; sid:900606182; rev:1;) alert tcp $HOME_NET any -> [107.170.64.97] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.170.64.97/; sid:900606184; rev:1;) alert tcp $HOME_NET any -> [212.227.94.31] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/212.227.94.31/; sid:900606185; rev:1;) alert tcp $HOME_NET any -> [66.175.217.172] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.175.217.172/; sid:900606190; rev:1;) alert tcp $HOME_NET any -> [202.29.60.34] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.29.60.34/; sid:900606191; rev:1;) alert tcp $HOME_NET any -> [78.46.78.42] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.46.78.42/; sid:900606192; rev:1;) alert tcp $HOME_NET any -> [46.36.221.177] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.36.221.177/; sid:900606193; rev:1;) alert tcp $HOME_NET any -> [194.135.33.220] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.135.33.220/; sid:900606195; rev:1;) alert tcp $HOME_NET any -> [5.181.80.128] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.181.80.128/; sid:900606197; rev:1;) alert tcp $HOME_NET any -> [194.15.113.73] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/194.15.113.73/; sid:900606198; rev:1;) alert tcp $HOME_NET any -> [45.86.65.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.86.65.164/; sid:900606199; rev:1;) alert tcp $HOME_NET any -> [104.245.146.203] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.245.146.203/; sid:900606201; rev:1;) alert tcp $HOME_NET any -> [79.172.201.113] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.172.201.113/; sid:900606202; rev:1;) alert tcp $HOME_NET any -> [114.207.112.77] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.207.112.77/; sid:900606203; rev:1;) alert tcp $HOME_NET any -> [178.132.7.117] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.132.7.117/; sid:900606204; rev:1;) alert tcp $HOME_NET any -> [192.119.110.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.110.250/; sid:900606205; rev:1;) alert tcp $HOME_NET any -> [195.123.222.44] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/195.123.222.44/; sid:900606206; rev:1;) alert tcp $HOME_NET any -> [151.236.30.38] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.236.30.38/; sid:900606207; rev:1;) alert tcp $HOME_NET any -> [172.83.155.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.83.155.212/; sid:900606208; rev:1;) alert tcp $HOME_NET any -> [185.99.133.118] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.133.118/; sid:900606209; rev:1;) alert tcp $HOME_NET any -> [45.86.74.32] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.86.74.32/; sid:900606210; rev:1;) alert tcp $HOME_NET any -> [45.142.158.199] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.142.158.199/; sid:900606211; rev:1;) alert tcp $HOME_NET any -> [103.208.86.3] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.3/; sid:900606212; rev:1;) alert tcp $HOME_NET any -> [81.0.236.93] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/81.0.236.93/; sid:900606214; rev:1;) alert tcp $HOME_NET any -> [178.238.236.59] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.238.236.59/; sid:900606215; rev:1;) alert tcp $HOME_NET any -> [104.245.52.73] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.245.52.73/; sid:900606216; rev:1;) alert tcp $HOME_NET any -> [109.104.92.237] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.104.92.237/; sid:900606217; rev:1;) alert tcp $HOME_NET any -> [162.243.96.221] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.243.96.221/; sid:900606218; rev:1;) alert tcp $HOME_NET any -> [178.33.158.180] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.33.158.180/; sid:900606223; rev:1;) alert tcp $HOME_NET any -> [109.74.50.71] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.74.50.71/; sid:900606224; rev:1;) alert tcp $HOME_NET any -> [177.185.32.10] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/177.185.32.10/; sid:900606225; rev:1;) alert tcp $HOME_NET any -> [68.183.216.174] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.216.174/; sid:900606228; rev:1;) alert tcp $HOME_NET any -> [139.162.202.74] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.202.74/; sid:900606229; rev:1;) alert tcp $HOME_NET any -> [45.79.33.48] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.33.48/; sid:900606230; rev:1;) alert tcp $HOME_NET any -> [104.248.178.90] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.248.178.90/; sid:900606231; rev:1;) alert tcp $HOME_NET any -> [46.55.222.10] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.55.222.10/; sid:900606232; rev:1;) alert tcp $HOME_NET any -> [173.212.243.155] 7002 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.212.243.155/; sid:900606233; rev:1;) alert tcp $HOME_NET any -> [177.75.5.222] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/177.75.5.222/; sid:900606234; rev:1;) alert tcp $HOME_NET any -> [105.27.205.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.27.205.34/; sid:900606235; rev:1;) alert tcp $HOME_NET any -> [5.152.175.57] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.152.175.57/; sid:900606236; rev:1;) alert tcp $HOME_NET any -> [185.227.170.13] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.227.170.13/; sid:900606237; rev:1;) alert tcp $HOME_NET any -> [38.110.100.16] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.110.100.16/; sid:900606238; rev:1;) alert tcp $HOME_NET any -> [45.230.176.157] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.230.176.157/; sid:900606239; rev:1;) alert tcp $HOME_NET any -> [46.99.175.185] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.99.175.185/; sid:900606240; rev:1;) alert tcp $HOME_NET any -> [63.147.234.198] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/63.147.234.198/; sid:900606241; rev:1;) alert tcp $HOME_NET any -> [82.130.201.18] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.130.201.18/; sid:900606242; rev:1;) alert tcp $HOME_NET any -> [181.129.167.82] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.167.82/; sid:900606243; rev:1;) alert tcp $HOME_NET any -> [62.99.79.77] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.99.79.77/; sid:900606244; rev:1;) alert tcp $HOME_NET any -> [128.201.76.252] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.201.76.252/; sid:900606245; rev:1;) alert tcp $HOME_NET any -> [221.147.172.5] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.147.172.5/; sid:900606246; rev:1;) alert tcp $HOME_NET any -> [50.21.169.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.21.169.122/; sid:900606248; rev:1;) alert tcp $HOME_NET any -> [216.166.148.48] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/216.166.148.48/; sid:900606249; rev:1;) alert tcp $HOME_NET any -> [213.155.173.21] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.155.173.21/; sid:900606250; rev:1;) alert tcp $HOME_NET any -> [82.139.146.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.139.146.190/; sid:900606251; rev:1;) alert tcp $HOME_NET any -> [82.114.68.218] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.114.68.218/; sid:900606252; rev:1;) alert tcp $HOME_NET any -> [202.5.56.40] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.5.56.40/; sid:900606253; rev:1;) alert tcp $HOME_NET any -> [188.74.32.54] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.74.32.54/; sid:900606254; rev:1;) alert tcp $HOME_NET any -> [183.105.49.9] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.105.49.9/; sid:900606255; rev:1;) alert tcp $HOME_NET any -> [115.88.53.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/115.88.53.164/; sid:900606256; rev:1;) alert tcp $HOME_NET any -> [24.242.237.172] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.242.237.172/; sid:900606257; rev:1;) alert tcp $HOME_NET any -> [177.67.203.124] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.67.203.124/; sid:900606258; rev:1;) alert tcp $HOME_NET any -> [177.87.57.93] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.87.57.93/; sid:900606259; rev:1;) alert tcp $HOME_NET any -> [196.216.220.211] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.216.220.211/; sid:900606260; rev:1;) alert tcp $HOME_NET any -> [36.67.97.127] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.67.97.127/; sid:900606261; rev:1;) alert tcp $HOME_NET any -> [103.238.203.82] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.238.203.82/; sid:900606263; rev:1;) alert tcp $HOME_NET any -> [177.52.173.20] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/177.52.173.20/; sid:900606266; rev:1;) alert tcp $HOME_NET any -> [166.62.103.55] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/166.62.103.55/; sid:900606267; rev:1;) alert tcp $HOME_NET any -> [103.140.207.110] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.140.207.110/; sid:900606268; rev:1;) alert tcp $HOME_NET any -> [197.156.129.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.156.129.250/; sid:900606269; rev:1;) alert tcp $HOME_NET any -> [116.203.25.236] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.203.25.236/; sid:900606270; rev:1;) alert tcp $HOME_NET any -> [103.109.247.13] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.109.247.13/; sid:900606271; rev:1;) alert tcp $HOME_NET any -> [103.253.107.156] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.253.107.156/; sid:900606272; rev:1;) alert tcp $HOME_NET any -> [36.89.98.183] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/36.89.98.183/; sid:900606273; rev:1;) alert tcp $HOME_NET any -> [88.87.15.96] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.87.15.96/; sid:900606274; rev:1;) alert tcp $HOME_NET any -> [45.239.233.109] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.239.233.109/; sid:900606275; rev:1;) alert tcp $HOME_NET any -> [106.243.129.116] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.243.129.116/; sid:900606276; rev:1;) alert tcp $HOME_NET any -> [59.4.68.75] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.4.68.75/; sid:900606277; rev:1;) alert tcp $HOME_NET any -> [185.164.32.148] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.148/; sid:900606278; rev:1;) alert tcp $HOME_NET any -> [46.99.175.149] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.99.175.149/; sid:900606279; rev:1;) alert tcp $HOME_NET any -> [46.99.175.217] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/46.99.175.217/; sid:900606280; rev:1;) alert tcp $HOME_NET any -> [46.99.188.223] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.99.188.223/; sid:900606281; rev:1;) alert tcp $HOME_NET any -> [185.56.175.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.56.175.122/; sid:900606282; rev:1;) alert tcp $HOME_NET any -> [179.189.229.254] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.189.229.254/; sid:900606283; rev:1;) alert tcp $HOME_NET any -> [65.152.201.203] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.152.201.203/; sid:900606284; rev:1;) alert tcp $HOME_NET any -> [216.166.148.187] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.166.148.187/; sid:900606285; rev:1;) alert tcp $HOME_NET any -> [182.253.210.130] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.253.210.130/; sid:900606286; rev:1;) alert tcp $HOME_NET any -> [186.235.48.8] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/186.235.48.8/; sid:900606289; rev:1;) alert tcp $HOME_NET any -> [113.160.37.196] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.160.37.196/; sid:900606290; rev:1;) alert tcp $HOME_NET any -> [137.74.112.43] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.74.112.43/; sid:900606291; rev:1;) alert tcp $HOME_NET any -> [216.108.227.55] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.108.227.55/; sid:900606292; rev:1;) alert tcp $HOME_NET any -> [94.177.176.51] 5723 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.176.51/; sid:900606293; rev:1;) alert tcp $HOME_NET any -> [24.28.12.23] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.28.12.23/; sid:900606294; rev:1;) alert tcp $HOME_NET any -> [139.59.124.65] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.124.65/; sid:900606295; rev:1;) alert tcp $HOME_NET any -> [138.121.91.136] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/138.121.91.136/; sid:900606296; rev:1;) alert tcp $HOME_NET any -> [103.253.107.155] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.253.107.155/; sid:900606297; rev:1;) alert tcp $HOME_NET any -> [147.91.31.1] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.91.31.1/; sid:900606300; rev:1;) alert tcp $HOME_NET any -> [176.9.89.122] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.9.89.122/; sid:900606301; rev:1;) alert tcp $HOME_NET any -> [158.106.98.110] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.106.98.110/; sid:900606303; rev:1;) alert tcp $HOME_NET any -> [149.210.181.82] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.210.181.82/; sid:900606304; rev:1;) alert tcp $HOME_NET any -> [178.33.13.40] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.33.13.40/; sid:900606305; rev:1;) alert tcp $HOME_NET any -> [36.66.188.251] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/36.66.188.251/; sid:900606306; rev:1;) alert tcp $HOME_NET any -> [103.30.247.115] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.30.247.115/; sid:900606308; rev:1;) alert tcp $HOME_NET any -> [190.93.208.53] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.93.208.53/; sid:900606309; rev:1;) alert tcp $HOME_NET any -> [38.110.100.64] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.110.100.64/; sid:900606310; rev:1;) alert tcp $HOME_NET any -> [38.110.100.219] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.110.100.219/; sid:900606311; rev:1;) alert tcp $HOME_NET any -> [96.9.77.56] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.9.77.56/; sid:900606312; rev:1;) alert tcp $HOME_NET any -> [165.22.28.242] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.22.28.242/; sid:900606314; rev:1;) alert tcp $HOME_NET any -> [118.42.135.173] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/118.42.135.173/; sid:900606315; rev:1;) alert tcp $HOME_NET any -> [79.106.115.107] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.106.115.107/; sid:900606316; rev:1;) alert tcp $HOME_NET any -> [103.248.217.234] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.248.217.234/; sid:900606317; rev:1;) alert tcp $HOME_NET any -> [43.252.158.104] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.252.158.104/; sid:900606321; rev:1;) alert tcp $HOME_NET any -> [75.176.235.182] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.176.235.182/; sid:900606322; rev:1;) alert tcp $HOME_NET any -> [125.234.128.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.234.128.250/; sid:900606324; rev:1;) alert tcp $HOME_NET any -> [87.98.128.76] 5723 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.98.128.76/; sid:900606325; rev:1;) alert tcp $HOME_NET any -> [80.241.218.90] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/80.241.218.90/; sid:900606326; rev:1;) alert tcp $HOME_NET any -> [103.161.172.109] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.161.172.109/; sid:900606327; rev:1;) alert tcp $HOME_NET any -> [45.181.207.7] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.181.207.7/; sid:900606329; rev:1;) alert tcp $HOME_NET any -> [78.111.121.2] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.111.121.2/; sid:900606330; rev:1;) alert tcp $HOME_NET any -> [103.148.201.66] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.148.201.66/; sid:900606332; rev:1;) alert tcp $HOME_NET any -> [45.181.206.8] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.181.206.8/; sid:900606333; rev:1;) alert tcp $HOME_NET any -> [103.36.50.251] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.36.50.251/; sid:900606336; rev:1;) alert tcp $HOME_NET any -> [103.73.224.46] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/103.73.224.46/; sid:900606337; rev:1;) alert tcp $HOME_NET any -> [116.212.132.197] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.212.132.197/; sid:900606338; rev:1;) alert tcp $HOME_NET any -> [168.205.192.71] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.205.192.71/; sid:900606339; rev:1;) alert tcp $HOME_NET any -> [186.101.84.222] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.101.84.222/; sid:900606340; rev:1;) alert tcp $HOME_NET any -> [201.174.75.107] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.174.75.107/; sid:900606341; rev:1;) alert tcp $HOME_NET any -> [201.174.52.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.174.52.20/; sid:900606342; rev:1;) alert tcp $HOME_NET any -> [45.7.132.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.7.132.229/; sid:900606344; rev:1;) alert tcp $HOME_NET any -> [45.40.132.219] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/45.40.132.219/; sid:900606345; rev:1;) alert tcp $HOME_NET any -> [190.183.237.119] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.183.237.119/; sid:900606346; rev:1;) alert tcp $HOME_NET any -> [103.253.107.198] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.253.107.198/; sid:900606347; rev:1;) alert tcp $HOME_NET any -> [172.104.58.76] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.104.58.76/; sid:900606349; rev:1;) alert tcp $HOME_NET any -> [204.174.223.210] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.174.223.210/; sid:900606350; rev:1;) alert tcp $HOME_NET any -> [51.91.105.97] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.91.105.97/; sid:900606351; rev:1;) alert tcp $HOME_NET any -> [134.209.182.12] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.182.12/; sid:900606352; rev:1;) alert tcp $HOME_NET any -> [188.40.100.254] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/188.40.100.254/; sid:900606353; rev:1;) alert tcp $HOME_NET any -> [103.109.247.9] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.109.247.9/; sid:900606354; rev:1;) alert tcp $HOME_NET any -> [163.172.217.74] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.172.217.74/; sid:900606360; rev:1;) alert tcp $HOME_NET any -> [74.63.218.139] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.63.218.139/; sid:900606361; rev:1;) alert tcp $HOME_NET any -> [142.11.214.93] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.214.93/; sid:900606362; rev:1;) alert tcp $HOME_NET any -> [148.251.238.52] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.251.238.52/; sid:900606364; rev:1;) alert tcp $HOME_NET any -> [209.216.243.2] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.216.243.2/; sid:900606365; rev:1;) alert tcp $HOME_NET any -> [103.30.247.116] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/103.30.247.116/; sid:900606366; rev:1;) alert tcp $HOME_NET any -> [50.116.62.25] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.62.25/; sid:900606367; rev:1;) alert tcp $HOME_NET any -> [185.143.48.16] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.143.48.16/; sid:900606368; rev:1;) alert tcp $HOME_NET any -> [119.18.149.168] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.18.149.168/; sid:900606371; rev:1;) alert tcp $HOME_NET any -> [163.53.80.223] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.53.80.223/; sid:900606372; rev:1;) alert tcp $HOME_NET any -> [175.29.173.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.29.173.58/; sid:900606373; rev:1;) alert tcp $HOME_NET any -> [14.163.55.123] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.163.55.123/; sid:900606374; rev:1;) alert tcp $HOME_NET any -> [177.21.100.121] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/177.21.100.121/; sid:900606375; rev:1;) alert tcp $HOME_NET any -> [200.125.170.226] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.170.226/; sid:900606376; rev:1;) alert tcp $HOME_NET any -> [200.125.170.227] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.170.227/; sid:900606377; rev:1;) alert tcp $HOME_NET any -> [200.121.194.2] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.121.194.2/; sid:900606378; rev:1;) alert tcp $HOME_NET any -> [200.125.170.228] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.170.228/; sid:900606379; rev:1;) alert tcp $HOME_NET any -> [200.125.170.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.170.229/; sid:900606380; rev:1;) alert tcp $HOME_NET any -> [200.125.170.230] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.170.230/; sid:900606381; rev:1;) alert tcp $HOME_NET any -> [167.99.61.111] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; 
reference:url, feodotracker.abuse.ch/browse/host/167.99.61.111/; sid:900606385; rev:1;) alert tcp $HOME_NET any -> [195.234.101.236] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.234.101.236/; sid:900606386; rev:1;) alert tcp $HOME_NET any -> [209.89.76.47] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.89.76.47/; sid:900606387; rev:1;) alert tcp $HOME_NET any -> [51.79.50.122] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.79.50.122/; sid:900606389; rev:1;) alert tcp $HOME_NET any -> [138.201.222.158] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.201.222.158/; sid:900606390; rev:1;) alert tcp $HOME_NET any -> [222.124.142.67] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.124.142.67/; sid:900606391; rev:1;) alert tcp $HOME_NET any -> [217.18.75.120] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.18.75.120/; sid:900606393; rev:1;) alert tcp $HOME_NET any -> [185.82.144.173] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/185.82.144.173/; sid:900606394; rev:1;) alert tcp $HOME_NET any -> [185.86.151.208] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.86.151.208/; sid:900606395; rev:1;) alert tcp $HOME_NET any -> [54.39.98.141] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.39.98.141/; sid:900606397; rev:1;) alert tcp $HOME_NET any -> [103.82.248.59] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.82.248.59/; sid:900606398; rev:1;) alert tcp $HOME_NET any -> [103.109.247.8] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.109.247.8/; sid:900606399; rev:1;) alert tcp $HOME_NET any -> [5.135.167.231] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.135.167.231/; sid:900606402; rev:1;) alert tcp $HOME_NET any -> [212.53.160.143] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.53.160.143/; sid:900606403; rev:1;) alert tcp $HOME_NET any -> [51.75.162.188] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/51.75.162.188/; sid:900606407; rev:1;) alert tcp $HOME_NET any -> [46.101.182.168] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.182.168/; sid:900606413; rev:1;) alert tcp $HOME_NET any -> [216.120.236.127] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.120.236.127/; sid:900606414; rev:1;) alert tcp $HOME_NET any -> [103.56.207.249] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.56.207.249/; sid:900606416; rev:1;) alert tcp $HOME_NET any -> [180.250.217.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.250.217.98/; sid:900606417; rev:1;) alert tcp $HOME_NET any -> [185.42.224.119] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.42.224.119/; sid:900606420; rev:1;) alert tcp $HOME_NET any -> [37.235.25.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.235.25.106/; sid:900606421; rev:1;) alert tcp $HOME_NET any -> [190.0.2.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/190.0.2.98/; sid:900606422; rev:1;) alert tcp $HOME_NET any -> [200.58.180.138] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.58.180.138/; sid:900606423; rev:1;) alert tcp $HOME_NET any -> [77.46.134.84] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.46.134.84/; sid:900606424; rev:1;) alert tcp $HOME_NET any -> [213.136.86.165] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.136.86.165/; sid:900606426; rev:1;) alert tcp $HOME_NET any -> [45.33.33.91] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.33.91/; sid:900606427; rev:1;) alert tcp $HOME_NET any -> [193.25.100.114] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.25.100.114/; sid:900606430; rev:1;) alert tcp $HOME_NET any -> [97.107.134.115] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.107.134.115/; sid:900606431; rev:1;) alert tcp $HOME_NET any -> [103.253.107.153] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/103.253.107.153/; sid:900606432; rev:1;) alert tcp $HOME_NET any -> [146.196.122.10] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.196.122.10/; sid:900606434; rev:1;) alert tcp $HOME_NET any -> [103.87.173.60] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.87.173.60/; sid:900606435; rev:1;) alert tcp $HOME_NET any -> [45.32.243.209] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.32.243.209/; sid:900606436; rev:1;) alert tcp $HOME_NET any -> [207.180.208.54] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.180.208.54/; sid:900606437; rev:1;) alert tcp $HOME_NET any -> [103.225.205.145] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.225.205.145/; sid:900606440; rev:1;) alert tcp $HOME_NET any -> [103.253.208.95] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.253.208.95/; sid:900606441; rev:1;) alert tcp $HOME_NET any -> [103.89.254.209] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/103.89.254.209/; sid:900606442; rev:1;) alert tcp $HOME_NET any -> [117.222.61.236] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.222.61.236/; sid:900606443; rev:1;) alert tcp $HOME_NET any -> [117.252.68.248] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.252.68.248/; sid:900606444; rev:1;) alert tcp $HOME_NET any -> [117.252.20.222] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.252.20.222/; sid:900606445; rev:1;) alert tcp $HOME_NET any -> [117.254.63.4] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.254.63.4/; sid:900606446; rev:1;) alert tcp $HOME_NET any -> [117.222.62.101] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.222.62.101/; sid:900606447; rev:1;) alert tcp $HOME_NET any -> [122.186.45.203] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.186.45.203/; sid:900606448; rev:1;) alert tcp $HOME_NET any -> [103.43.4.82] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/103.43.4.82/; sid:900606449; rev:1;) alert tcp $HOME_NET any -> [146.196.122.153] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.196.122.153/; sid:900606450; rev:1;) alert tcp $HOME_NET any -> [146.196.122.157] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.196.122.157/; sid:900606451; rev:1;) alert tcp $HOME_NET any -> [14.102.25.100] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.102.25.100/; sid:900606452; rev:1;) alert tcp $HOME_NET any -> [194.190.18.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.190.18.122/; sid:900606453; rev:1;) alert tcp $HOME_NET any -> [186.4.193.75] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.193.75/; sid:900606454; rev:1;) alert tcp $HOME_NET any -> [103.92.200.13] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.92.200.13/; sid:900606456; rev:1;) alert tcp $HOME_NET any -> [45.80.173.80] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/45.80.173.80/; sid:900606457; rev:1;) alert tcp $HOME_NET any -> [207.154.208.93] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.154.208.93/; sid:900606458; rev:1;) alert tcp $HOME_NET any -> [204.107.218.39] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.107.218.39/; sid:900606462; rev:1;) alert tcp $HOME_NET any -> [78.139.22.184] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.139.22.184/; sid:900606463; rev:1;) alert tcp $HOME_NET any -> [5.199.162.48] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.199.162.48/; sid:900606466; rev:1;) alert tcp $HOME_NET any -> [194.1.193.11] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.1.193.11/; sid:900606467; rev:1;) alert tcp $HOME_NET any -> [119.59.105.131] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.59.105.131/; sid:900606468; rev:1;) alert tcp $HOME_NET any -> [201.148.20.37] 5412 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/201.148.20.37/; sid:900606469; rev:1;) alert tcp $HOME_NET any -> [103.121.123.61] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.121.123.61/; sid:900606470; rev:1;) alert tcp $HOME_NET any -> [45.55.180.84] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.180.84/; sid:900606472; rev:1;) alert tcp $HOME_NET any -> [128.199.206.91] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.206.91/; sid:900606473; rev:1;) alert tcp $HOME_NET any -> [92.247.29.75] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.247.29.75/; sid:900606481; rev:1;) alert tcp $HOME_NET any -> [104.152.111.198] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.152.111.198/; sid:900606482; rev:1;) alert tcp $HOME_NET any -> [124.158.165.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.158.165.190/; sid:900606483; rev:1;) alert tcp $HOME_NET any -> [36.94.167.167] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/36.94.167.167/; sid:900606484; rev:1;) alert tcp $HOME_NET any -> [114.79.130.68] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.130.68/; sid:900606485; rev:1;) alert tcp $HOME_NET any -> [106.0.51.2] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.0.51.2/; sid:900606486; rev:1;) alert tcp $HOME_NET any -> [103.111.55.46] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.111.55.46/; sid:900606487; rev:1;) alert tcp $HOME_NET any -> [167.71.232.57] 9217 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.71.232.57/; sid:900606488; rev:1;) alert tcp $HOME_NET any -> [45.76.176.10] 5723 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.176.10/; sid:900606489; rev:1;) alert tcp $HOME_NET any -> [103.233.25.228] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.233.25.228/; sid:900606490; rev:1;) alert tcp $HOME_NET any -> [176.100.4.31] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/176.100.4.31/; sid:900606491; rev:1;) alert tcp $HOME_NET any -> [165.73.90.187] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.73.90.187/; sid:900606492; rev:1;) alert tcp $HOME_NET any -> [122.117.90.133] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.117.90.133/; sid:900606493; rev:1;) alert tcp $HOME_NET any -> [103.113.105.126] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.113.105.126/; sid:900606494; rev:1;) alert tcp $HOME_NET any -> [139.255.199.196] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.199.196/; sid:900606495; rev:1;) alert tcp $HOME_NET any -> [157.119.215.186] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.119.215.186/; sid:900606496; rev:1;) alert tcp $HOME_NET any -> [103.75.32.38] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.75.32.38/; sid:900606497; rev:1;) alert tcp $HOME_NET any -> [103.94.0.178] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/103.94.0.178/; sid:900606498; rev:1;) alert tcp $HOME_NET any -> [103.127.67.38] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.127.67.38/; sid:900606499; rev:1;) alert tcp $HOME_NET any -> [103.122.108.44] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.122.108.44/; sid:900606500; rev:1;) alert tcp $HOME_NET any -> [36.95.110.19] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.95.110.19/; sid:900606501; rev:1;) alert tcp $HOME_NET any -> [36.91.36.29] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.91.36.29/; sid:900606502; rev:1;) alert tcp $HOME_NET any -> [36.37.99.242] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.37.99.242/; sid:900606503; rev:1;) alert tcp $HOME_NET any -> [14.102.15.100] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.102.15.100/; sid:900606504; rev:1;) alert tcp $HOME_NET any -> [14.102.15.101] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/14.102.15.101/; sid:900606505; rev:1;) alert tcp $HOME_NET any -> [206.225.86.233] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.225.86.233/; sid:900606507; rev:1;) alert tcp $HOME_NET any -> [128.199.232.159] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.232.159/; sid:900606508; rev:1;) alert tcp $HOME_NET any -> [45.76.117.129] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.117.129/; sid:900606509; rev:1;) alert tcp $HOME_NET any -> [5.199.174.90] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.199.174.90/; sid:900606512; rev:1;) alert tcp $HOME_NET any -> [194.141.47.9] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.141.47.9/; sid:900606513; rev:1;) alert tcp $HOME_NET any -> [159.65.3.147] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.3.147/; sid:900606514; rev:1;) alert tcp $HOME_NET any -> [54.37.84.240] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/54.37.84.240/; sid:900606515; rev:1;) alert tcp $HOME_NET any -> [212.39.115.102] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.39.115.102/; sid:900606516; rev:1;) alert tcp $HOME_NET any -> [156.67.220.186] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.67.220.186/; sid:900606517; rev:1;) alert tcp $HOME_NET any -> [169.255.57.61] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.255.57.61/; sid:900606519; rev:1;) alert tcp $HOME_NET any -> [128.199.192.135] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.192.135/; sid:900606520; rev:1;) alert tcp $HOME_NET any -> [103.58.102.177] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.58.102.177/; sid:900606521; rev:1;) alert tcp $HOME_NET any -> [103.145.213.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.145.213.106/; sid:900606522; rev:1;) alert tcp $HOME_NET any -> [103.140.206.94] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/103.140.206.94/; sid:900606523; rev:1;) alert tcp $HOME_NET any -> [103.78.141.26] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.78.141.26/; sid:900606524; rev:1;) alert tcp $HOME_NET any -> [116.50.27.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.50.27.50/; sid:900606525; rev:1;) alert tcp $HOME_NET any -> [103.144.168.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.168.162/; sid:900606526; rev:1;) alert tcp $HOME_NET any -> [148.251.190.18] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.251.190.18/; sid:900606530; rev:1;) alert tcp $HOME_NET any -> [202.157.177.65] 5412 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.157.177.65/; sid:900606531; rev:1;) alert tcp $HOME_NET any -> [31.173.137.39] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.173.137.39/; sid:900606533; rev:1;) alert tcp $HOME_NET any -> [115.85.78.118] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/115.85.78.118/; sid:900606535; rev:1;) alert tcp $HOME_NET any -> [31.173.137.47] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.173.137.47/; sid:900606536; rev:1;) alert tcp $HOME_NET any -> [37.57.82.112] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.57.82.112/; sid:900606537; rev:1;) alert tcp $HOME_NET any -> [195.138.66.209] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.138.66.209/; sid:900606538; rev:1;) alert tcp $HOME_NET any -> [98.0.159.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.0.159.122/; sid:900606539; rev:1;) alert tcp $HOME_NET any -> [175.184.232.234] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.184.232.234/; sid:900606540; rev:1;) alert tcp $HOME_NET any -> [139.255.41.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.41.122/; sid:900606541; rev:1;) alert tcp $HOME_NET any -> [202.179.185.203] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/202.179.185.203/; sid:900606542; rev:1;) alert tcp $HOME_NET any -> [31.173.137.49] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.173.137.49/; sid:900606543; rev:1;) alert tcp $HOME_NET any -> [36.89.228.201] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.228.201/; sid:900606544; rev:1;) alert tcp $HOME_NET any -> [36.67.109.15] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.67.109.15/; sid:900606545; rev:1;) alert tcp $HOME_NET any -> [178.159.126.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.159.126.34/; sid:900606546; rev:1;) alert tcp $HOME_NET any -> [43.252.159.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.252.159.190/; sid:900606549; rev:1;) alert tcp $HOME_NET any -> [124.41.211.17] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.41.211.17/; sid:900606551; rev:1;) alert tcp $HOME_NET any -> [103.52.135.61] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/103.52.135.61/; sid:900606552; rev:1;) alert tcp $HOME_NET any -> [36.92.59.93] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.92.59.93/; sid:900606554; rev:1;) alert tcp $HOME_NET any -> [31.31.75.77] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.31.75.77/; sid:900606564; rev:1;) alert tcp $HOME_NET any -> [80.211.40.191] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.211.40.191/; sid:900606565; rev:1;) alert tcp $HOME_NET any -> [207.154.252.203] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.154.252.203/; sid:900606569; rev:1;) alert tcp $HOME_NET any -> [45.33.20.41] 9217 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.20.41/; sid:900606571; rev:1;) alert tcp $HOME_NET any -> [85.254.196.150] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.254.196.150/; sid:900606573; rev:1;) alert tcp $HOME_NET any -> [185.30.32.51] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/185.30.32.51/; sid:900606575; rev:1;) alert tcp $HOME_NET any -> [185.250.148.74] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.250.148.74/; sid:900606576; rev:1;) alert tcp $HOME_NET any -> [81.241.252.59] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.241.252.59/; sid:900606577; rev:1;) alert tcp $HOME_NET any -> [81.250.153.227] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.250.153.227/; sid:900606578; rev:1;) alert tcp $HOME_NET any -> [89.101.97.139] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.101.97.139/; sid:900606579; rev:1;) alert tcp $HOME_NET any -> [95.77.223.148] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.77.223.148/; sid:900606580; rev:1;) alert tcp $HOME_NET any -> [47.22.148.6] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.22.148.6/; sid:900606581; rev:1;) alert tcp $HOME_NET any -> [199.27.127.129] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/199.27.127.129/; sid:900606582; rev:1;) alert tcp $HOME_NET any -> [105.198.236.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.198.236.99/; sid:900606583; rev:1;) alert tcp $HOME_NET any -> [216.201.162.158] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.201.162.158/; sid:900606584; rev:1;) alert tcp $HOME_NET any -> [37.210.152.224] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.152.224/; sid:900606585; rev:1;) alert tcp $HOME_NET any -> [136.232.34.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.232.34.70/; sid:900606586; rev:1;) alert tcp $HOME_NET any -> [181.118.183.94] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.94/; sid:900606587; rev:1;) alert tcp $HOME_NET any -> [120.151.47.189] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.151.47.189/; sid:900606588; rev:1;) alert tcp $HOME_NET any -> [120.150.218.241] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/120.150.218.241/; sid:900606589; rev:1;) alert tcp $HOME_NET any -> [41.228.22.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.228.22.180/; sid:900606590; rev:1;) alert tcp $HOME_NET any -> [122.11.220.212] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.11.220.212/; sid:900606591; rev:1;) alert tcp $HOME_NET any -> [177.130.82.197] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.130.82.197/; sid:900606592; rev:1;) alert tcp $HOME_NET any -> [24.139.72.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.139.72.117/; sid:900606593; rev:1;) alert tcp $HOME_NET any -> [24.229.150.54] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.229.150.54/; sid:900606594; rev:1;) alert tcp $HOME_NET any -> [186.18.205.199] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.18.205.199/; sid:900606595; rev:1;) alert tcp $HOME_NET any -> [73.151.236.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/73.151.236.31/; sid:900606596; rev:1;) alert tcp $HOME_NET any -> [68.204.7.158] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.204.7.158/; sid:900606597; rev:1;) alert tcp $HOME_NET any -> [75.188.35.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.188.35.168/; sid:900606598; rev:1;) alert tcp $HOME_NET any -> [72.252.201.69] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.201.69/; sid:900606599; rev:1;) alert tcp $HOME_NET any -> [173.21.10.71] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.21.10.71/; sid:900606600; rev:1;) alert tcp $HOME_NET any -> [24.55.112.61] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.55.112.61/; sid:900606601; rev:1;) alert tcp $HOME_NET any -> [71.80.168.245] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.80.168.245/; sid:900606602; rev:1;) alert tcp $HOME_NET any -> [45.46.53.140] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/45.46.53.140/; sid:900606603; rev:1;) alert tcp $HOME_NET any -> [217.17.56.163] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.17.56.163/; sid:900606604; rev:1;) alert tcp $HOME_NET any -> [41.251.41.14] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.251.41.14/; sid:900606605; rev:1;) alert tcp $HOME_NET any -> [93.8.66.216] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.8.66.216/; sid:900606606; rev:1;) alert tcp $HOME_NET any -> [217.17.56.163] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.17.56.163/; sid:900606607; rev:1;) alert tcp $HOME_NET any -> [217.17.56.163] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.17.56.163/; sid:900606608; rev:1;) alert tcp $HOME_NET any -> [217.17.56.163] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.17.56.163/; sid:900606609; rev:1;) alert tcp $HOME_NET any -> [190.198.206.189] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/190.198.206.189/; sid:900606610; rev:1;) alert tcp $HOME_NET any -> [47.40.196.233] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.40.196.233/; sid:900606612; rev:1;) alert tcp $HOME_NET any -> [71.74.12.34] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.74.12.34/; sid:900606613; rev:1;) alert tcp $HOME_NET any -> [207.38.84.195] 8333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.38.84.195/; sid:900606615; rev:1;) alert tcp $HOME_NET any -> [186.250.48.123] 7880 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.250.48.123/; sid:900606616; rev:1;) alert tcp $HOME_NET any -> [76.25.142.196] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.25.142.196/; sid:900606617; rev:1;) alert tcp $HOME_NET any -> [67.165.206.193] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.165.206.193/; sid:900606618; rev:1;) alert tcp $HOME_NET any -> [124.123.42.115] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/124.123.42.115/; sid:900606621; rev:1;) alert tcp $HOME_NET any -> [103.148.120.144] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.148.120.144/; sid:900606622; rev:1;) alert tcp $HOME_NET any -> [173.25.166.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.25.166.81/; sid:900606623; rev:1;) alert tcp $HOME_NET any -> [189.210.115.207] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.210.115.207/; sid:900606624; rev:1;) alert tcp $HOME_NET any -> [109.12.111.14] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.12.111.14/; sid:900606625; rev:1;) alert tcp $HOME_NET any -> [68.186.192.69] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.186.192.69/; sid:900606626; rev:1;) alert tcp $HOME_NET any -> [144.139.47.206] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.139.47.206/; sid:900606627; rev:1;) alert tcp $HOME_NET any -> [50.29.166.232] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/50.29.166.232/; sid:900606629; rev:1;) alert tcp $HOME_NET any -> [75.89.195.186] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.89.195.186/; sid:900606630; rev:1;) alert tcp $HOME_NET any -> [159.2.51.200] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.2.51.200/; sid:900606631; rev:1;) alert tcp $HOME_NET any -> [174.54.58.170] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.54.58.170/; sid:900606632; rev:1;) alert tcp $HOME_NET any -> [94.200.181.154] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.200.181.154/; sid:900606633; rev:1;) alert tcp $HOME_NET any -> [73.130.180.25] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.130.180.25/; sid:900606634; rev:1;) alert tcp $HOME_NET any -> [73.52.50.32] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.52.50.32/; sid:900606635; rev:1;) alert tcp $HOME_NET any -> [174.59.35.191] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/174.59.35.191/; sid:900606636; rev:1;) alert tcp $HOME_NET any -> [73.230.205.91] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.230.205.91/; sid:900606637; rev:1;) alert tcp $HOME_NET any -> [174.54.193.186] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.54.193.186/; sid:900606638; rev:1;) alert tcp $HOME_NET any -> [24.152.219.253] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.152.219.253/; sid:900606639; rev:1;) alert tcp $HOME_NET any -> [86.8.177.143] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.8.177.143/; sid:900606640; rev:1;) alert tcp $HOME_NET any -> [103.157.122.198] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.157.122.198/; sid:900606641; rev:1;) alert tcp $HOME_NET any -> [78.191.44.76] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.44.76/; sid:900606642; rev:1;) alert tcp $HOME_NET any -> [73.25.124.140] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/73.25.124.140/; sid:900606644; rev:1;) alert tcp $HOME_NET any -> [75.66.88.33] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.66.88.33/; sid:900606645; rev:1;) alert tcp $HOME_NET any -> [73.77.87.137] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.77.87.137/; sid:900606646; rev:1;) alert tcp $HOME_NET any -> [81.214.126.173] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.214.126.173/; sid:900606647; rev:1;) alert tcp $HOME_NET any -> [75.75.179.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.75.179.226/; sid:900606648; rev:1;) alert tcp $HOME_NET any -> [167.248.100.227] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.248.100.227/; sid:900606649; rev:1;) alert tcp $HOME_NET any -> [167.248.111.245] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.248.111.245/; sid:900606650; rev:1;) alert tcp $HOME_NET any -> [96.57.188.174] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/96.57.188.174/; sid:900606651; rev:1;) alert tcp $HOME_NET any -> [40.131.140.155] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.131.140.155/; sid:900606652; rev:1;) alert tcp $HOME_NET any -> [96.46.103.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.46.103.226/; sid:900606653; rev:1;) alert tcp $HOME_NET any -> [208.89.170.179] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.89.170.179/; sid:900606654; rev:1;) alert tcp $HOME_NET any -> [206.47.134.234] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.47.134.234/; sid:900606655; rev:1;) alert tcp $HOME_NET any -> [187.116.124.82] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.116.124.82/; sid:900606656; rev:1;) alert tcp $HOME_NET any -> [76.84.230.103] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.84.230.103/; sid:900606657; rev:1;) alert tcp $HOME_NET any -> [201.93.111.2] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/201.93.111.2/; sid:900606658; rev:1;) alert tcp $HOME_NET any -> [75.163.81.130] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.163.81.130/; sid:900606659; rev:1;) alert tcp $HOME_NET any -> [69.30.186.190] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.30.186.190/; sid:900606660; rev:1;) alert tcp $HOME_NET any -> [98.22.92.139] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.22.92.139/; sid:900606661; rev:1;) alert tcp $HOME_NET any -> [97.98.130.50] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.98.130.50/; sid:900606662; rev:1;) alert tcp $HOME_NET any -> [167.248.81.60] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.248.81.60/; sid:900606663; rev:1;) alert tcp $HOME_NET any -> [69.30.190.105] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.30.190.105/; sid:900606664; rev:1;) alert tcp $HOME_NET any -> [78.191.36.142] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/78.191.36.142/; sid:900606665; rev:1;)
# Dridex entries: the destination ports here are 8333, 5412 and 443. The
# malware family named in msg is the only field that separates these rules
# from the QakBot ones that follow; classtype and threshold are the same.
alert tcp $HOME_NET any -> [185.157.82.209] 8333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.157.82.209/; sid:900606666; rev:1;)
alert tcp $HOME_NET any -> [5.39.99.208] 5412 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.39.99.208/; sid:900606667; rev:1;)
alert tcp $HOME_NET any -> [207.148.81.119] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.148.81.119/; sid:900606668; rev:1;)
# sid numbering is not contiguous (900606668 is followed by 900606670).
# NOTE(review): this page does not show whether a sid stays bound to the same
# address when the feed is regenerated; confirm that before keying suppress
# or disable entries on individual sids.
alert tcp $HOME_NET any -> [167.248.99.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.248.99.149/; sid:900606670; rev:1;)
alert tcp $HOME_NET any -> [167.248.23.224] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.248.23.224/; sid:900606671; rev:1;)
alert tcp $HOME_NET any -> [167.248.117.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.248.117.81/; sid:900606672; rev:1;)
alert tcp $HOME_NET any -> [70.37.217.196] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/70.37.217.196/; sid:900606673; rev:1;) alert tcp $HOME_NET any -> [103.142.10.177] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.142.10.177/; sid:900606674; rev:1;) alert tcp $HOME_NET any -> [2.99.100.134] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.99.100.134/; sid:900606675; rev:1;) alert tcp $HOME_NET any -> [24.119.214.7] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.119.214.7/; sid:900606676; rev:1;) alert tcp $HOME_NET any -> [74.72.237.54] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.72.237.54/; sid:900606678; rev:1;) alert tcp $HOME_NET any -> [177.94.21.110] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.94.21.110/; sid:900606679; rev:1;) alert tcp $HOME_NET any -> [115.96.53.68] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.96.53.68/; sid:900606680; rev:1;) alert tcp $HOME_NET any -> [76.84.225.21] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/76.84.225.21/; sid:900606681; rev:1;)
# TrickBot entries. These rules match on destination address and port only:
# there is no content, TLS or flow keyword, so any TCP packet from $HOME_NET
# to the listed host on 443 raises the alert, including a connection attempt
# that is never answered. Treat a hit as a lead to corroborate with endpoint
# and proxy telemetry, not as proof of infection.
# "threshold: type limit ... seconds 60, count 1" caps output at one alert per
# source address per minute for each sid; it does not narrow what is matched.
# Detection also depends on $HOME_NET covering the monitored hosts.
# NOTE(review): the file header labels this the aggressive list; check the
# host page in each rule's reference for current status before blocking on it.
alert tcp $HOME_NET any -> [103.75.32.173] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.75.32.173/; sid:900606682; rev:1;)
alert tcp $HOME_NET any -> [202.9.121.143] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.9.121.143/; sid:900606683; rev:1;)
alert tcp $HOME_NET any -> [103.146.232.154] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.146.232.154/; sid:900606684; rev:1;)
alert tcp $HOME_NET any -> [103.47.170.131] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.47.170.131/; sid:900606685; rev:1;)
alert tcp $HOME_NET any -> [117.222.61.115] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.222.61.115/; sid:900606686; rev:1;)
alert tcp $HOME_NET any -> [117.222.57.92] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.222.57.92/; sid:900606687; rev:1;)
alert tcp $HOME_NET any -> [103.47.170.130] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/103.47.170.130/; sid:900606688; rev:1;) alert tcp $HOME_NET any -> [36.95.23.89] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.95.23.89/; sid:900606689; rev:1;) alert tcp $HOME_NET any -> [116.206.153.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.206.153.212/; sid:900606690; rev:1;) alert tcp $HOME_NET any -> [118.91.190.42] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.91.190.42/; sid:900606691; rev:1;) alert tcp $HOME_NET any -> [136.228.128.21] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.228.128.21/; sid:900606692; rev:1;) alert tcp $HOME_NET any -> [36.91.186.235] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.91.186.235/; sid:900606693; rev:1;) alert tcp $HOME_NET any -> [181.4.53.6] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.4.53.6/; sid:900606694; rev:1;) alert tcp $HOME_NET any -> [209.50.20.255] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/209.50.20.255/; sid:900606699; rev:1;) alert tcp $HOME_NET any -> [202.134.178.157] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.134.178.157/; sid:900606700; rev:1;) alert tcp $HOME_NET any -> [69.80.113.148] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.80.113.148/; sid:900606701; rev:1;) alert tcp $HOME_NET any -> [89.137.52.44] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.137.52.44/; sid:900606702; rev:1;) alert tcp $HOME_NET any -> [185.168.130.138] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.168.130.138/; sid:900606703; rev:1;) alert tcp $HOME_NET any -> [79.172.255.198] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.172.255.198/; sid:900606704; rev:1;) alert tcp $HOME_NET any -> [173.25.162.221] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.25.162.221/; sid:900606706; rev:1;) alert tcp $HOME_NET any -> [167.248.126.223] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/167.248.126.223/; sid:900606707; rev:1;) alert tcp $HOME_NET any -> [78.191.58.219] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.58.219/; sid:900606708; rev:1;) alert tcp $HOME_NET any -> [188.55.235.110] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.55.235.110/; sid:900606709; rev:1;) alert tcp $HOME_NET any -> [66.103.170.104] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.103.170.104/; sid:900606711; rev:1;) alert tcp $HOME_NET any -> [195.154.108.109] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.154.108.109/; sid:900606712; rev:1;) alert tcp $HOME_NET any -> [77.57.204.78] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.57.204.78/; sid:900606713; rev:1;) alert tcp $HOME_NET any -> [51.178.61.60] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.178.61.60/; sid:900606714; rev:1;) alert tcp $HOME_NET any -> [116.203.55.59] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/116.203.55.59/; sid:900606715; rev:1;) alert tcp $HOME_NET any -> [213.190.4.223] 9217 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.190.4.223/; sid:900606716; rev:1;) alert tcp $HOME_NET any -> [27.223.92.142] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.223.92.142/; sid:900606717; rev:1;) alert tcp $HOME_NET any -> [2.222.167.138] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.222.167.138/; sid:900606718; rev:1;) alert tcp $HOME_NET any -> [80.6.192.58] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.6.192.58/; sid:900606720; rev:1;) alert tcp $HOME_NET any -> [188.50.169.158] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.50.169.158/; sid:900606721; rev:1;) alert tcp $HOME_NET any -> [209.142.97.161] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.142.97.161/; sid:900606722; rev:1;) alert tcp $HOME_NET any -> [200.232.214.222] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/200.232.214.222/; sid:900606723; rev:1;)
alert tcp $HOME_NET any -> [186.32.163.199] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.32.163.199/; sid:900606724; rev:1;)
alert tcp $HOME_NET any -> [72.173.78.211] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.173.78.211/; sid:900606725; rev:1;)
alert tcp $HOME_NET any -> [98.157.235.126] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.157.235.126/; sid:900606726; rev:1;)
alert tcp $HOME_NET any -> [24.171.50.5] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.171.50.5/; sid:900606727; rev:1;)
# 66.177.215.152 is listed twice in this run, once per port: 50010 in the next
# rule and 443 in the last rule of the run, which continues on the following
# line. Each listing is a separate rule with its own per-source threshold, so
# one host reaching that address on both ports produces two alerts; group by
# destination address during triage rather than by sid.
alert tcp $HOME_NET any -> [66.177.215.152] 50010 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.177.215.152/; sid:900606728; rev:1;)
alert tcp $HOME_NET any -> [177.170.201.134] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.170.201.134/; sid:900606729; rev:1;)
alert tcp $HOME_NET any -> [66.177.215.152] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/66.177.215.152/; sid:900606730; rev:1;) alert tcp $HOME_NET any -> [73.140.38.124] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.140.38.124/; sid:900606731; rev:1;) alert tcp $HOME_NET any -> [110.174.64.179] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.174.64.179/; sid:900606732; rev:1;) alert tcp $HOME_NET any -> [38.10.197.234] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.10.197.234/; sid:900606733; rev:1;) alert tcp $HOME_NET any -> [220.255.25.28] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.255.25.28/; sid:900606734; rev:1;) alert tcp $HOME_NET any -> [41.86.42.158] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.86.42.158/; sid:900606735; rev:1;) alert tcp $HOME_NET any -> [93.48.58.123] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.48.58.123/; sid:900606736; rev:1;) alert tcp $HOME_NET any -> [41.86.42.158] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/41.86.42.158/; sid:900606737; rev:1;) alert tcp $HOME_NET any -> [63.143.92.99] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.143.92.99/; sid:900606738; rev:1;) alert tcp $HOME_NET any -> [73.77.87.137] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.77.87.137/; sid:900606739; rev:1;) alert tcp $HOME_NET any -> [187.250.159.104] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.250.159.104/; sid:900606740; rev:1;) alert tcp $HOME_NET any -> [187.172.240.28] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.172.240.28/; sid:900606741; rev:1;) alert tcp $HOME_NET any -> [188.50.26.190] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.50.26.190/; sid:900606742; rev:1;) alert tcp $HOME_NET any -> [85.109.229.54] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.109.229.54/; sid:900606744; rev:1;) alert tcp $HOME_NET any -> [203.213.107.174] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/203.213.107.174/; sid:900606747; rev:1;) alert tcp $HOME_NET any -> [37.117.191.19] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.117.191.19/; sid:900606749; rev:1;) alert tcp $HOME_NET any -> [72.52.96.202] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.52.96.202/; sid:900606751; rev:1;) alert tcp $HOME_NET any -> [139.162.232.153] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.232.153/; sid:900606753; rev:1;) alert tcp $HOME_NET any -> [5.83.45.48] 5412 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.83.45.48/; sid:900606754; rev:1;) alert tcp $HOME_NET any -> [209.239.112.82] 8333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.239.112.82/; sid:900606755; rev:1;) alert tcp $HOME_NET any -> [146.66.238.74] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.66.238.74/; sid:900606759; rev:1;) alert tcp $HOME_NET any -> [77.31.162.93] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/77.31.162.93/; sid:900606760; rev:1;) alert tcp $HOME_NET any -> [67.230.44.194] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.230.44.194/; sid:900606761; rev:1;) alert tcp $HOME_NET any -> [39.49.64.244] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.64.244/; sid:900606762; rev:1;) alert tcp $HOME_NET any -> [209.236.35.178] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.236.35.178/; sid:900606763; rev:1;) alert tcp $HOME_NET any -> [75.131.217.182] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.131.217.182/; sid:900606764; rev:1;) alert tcp $HOME_NET any -> [72.252.201.69] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.201.69/; sid:900606765; rev:1;) alert tcp $HOME_NET any -> [78.105.213.151] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.105.213.151/; sid:900606766; rev:1;) alert tcp $HOME_NET any -> [173.22.178.66] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/173.22.178.66/; sid:900606767; rev:1;) alert tcp $HOME_NET any -> [68.117.229.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.117.229.117/; sid:900606768; rev:1;) alert tcp $HOME_NET any -> [201.68.60.118] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.68.60.118/; sid:900606769; rev:1;) alert tcp $HOME_NET any -> [51.83.3.52] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.3.52/; sid:900606770; rev:1;) alert tcp $HOME_NET any -> [69.64.50.41] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.64.50.41/; sid:900606771; rev:1;) alert tcp $HOME_NET any -> [189.252.166.130] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.166.130/; sid:900606772; rev:1;) alert tcp $HOME_NET any -> [208.78.220.143] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.78.220.143/; sid:900606773; rev:1;) alert tcp $HOME_NET any -> [78.179.137.102] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/78.179.137.102/; sid:900606774; rev:1;) alert tcp $HOME_NET any -> [24.231.209.2] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.231.209.2/; sid:900606775; rev:1;) alert tcp $HOME_NET any -> [65.100.174.110] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.100.174.110/; sid:900606776; rev:1;) alert tcp $HOME_NET any -> [65.100.174.110] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.100.174.110/; sid:900606777; rev:1;) alert tcp $HOME_NET any -> [65.100.174.110] 8443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.100.174.110/; sid:900606778; rev:1;) alert tcp $HOME_NET any -> [98.203.26.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.203.26.168/; sid:900606779; rev:1;) alert tcp $HOME_NET any -> [189.146.41.71] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.41.71/; sid:900606780; rev:1;) alert tcp $HOME_NET any -> [189.147.159.42] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/189.147.159.42/; sid:900606781; rev:1;) alert tcp $HOME_NET any -> [189.135.16.92] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.135.16.92/; sid:900606782; rev:1;) alert tcp $HOME_NET any -> [50.194.160.233] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.194.160.233/; sid:900606783; rev:1;) alert tcp $HOME_NET any -> [178.62.205.130] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.62.205.130/; sid:900606784; rev:1;) alert tcp $HOME_NET any -> [45.90.108.123] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.90.108.123/; sid:900606785; rev:1;) alert tcp $HOME_NET any -> [198.199.98.78] 9217 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.98.78/; sid:900606786; rev:1;) alert tcp $HOME_NET any -> [96.37.113.36] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.37.113.36/; sid:900606787; rev:1;) alert tcp $HOME_NET any -> [103.82.211.39] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/103.82.211.39/; sid:900606788; rev:1;) alert tcp $HOME_NET any -> [136.232.254.46] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.232.254.46/; sid:900606789; rev:1;) alert tcp $HOME_NET any -> [115.96.62.113] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.96.62.113/; sid:900606790; rev:1;) alert tcp $HOME_NET any -> [91.178.126.51] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.178.126.51/; sid:900606791; rev:1;) alert tcp $HOME_NET any -> [122.60.71.201] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.60.71.201/; sid:900606792; rev:1;) alert tcp $HOME_NET any -> [50.194.160.233] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.194.160.233/; sid:900606793; rev:1;) alert tcp $HOME_NET any -> [50.194.160.233] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.194.160.233/; sid:900606794; rev:1;) alert tcp $HOME_NET any -> [187.156.169.68] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/187.156.169.68/; sid:900606795; rev:1;) alert tcp $HOME_NET any -> [103.82.211.39] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.82.211.39/; sid:900606796; rev:1;) alert tcp $HOME_NET any -> [197.89.144.200] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.144.200/; sid:900606797; rev:1;) alert tcp $HOME_NET any -> [196.207.140.40] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.207.140.40/; sid:900606798; rev:1;) alert tcp $HOME_NET any -> [188.55.249.239] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.55.249.239/; sid:900606799; rev:1;) alert tcp $HOME_NET any -> [213.60.210.85] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.60.210.85/; sid:900606800; rev:1;) alert tcp $HOME_NET any -> [189.152.1.4] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.152.1.4/; sid:900606801; rev:1;) alert tcp $HOME_NET any -> [174.76.17.43] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/174.76.17.43/; sid:900606802; rev:1;) alert tcp $HOME_NET any -> [176.45.11.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.45.11.226/; sid:900606803; rev:1;) alert tcp $HOME_NET any -> [65.100.174.110] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.100.174.110/; sid:900606804; rev:1;) alert tcp $HOME_NET any -> [65.100.174.110] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.100.174.110/; sid:900606805; rev:1;) alert tcp $HOME_NET any -> [187.75.66.160] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.75.66.160/; sid:900606806; rev:1;) alert tcp $HOME_NET any -> [178.33.123.234] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.33.123.234/; sid:900606808; rev:1;) alert tcp $HOME_NET any -> [136.143.11.232] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.143.11.232/; sid:900606809; rev:1;) alert tcp $HOME_NET any -> [195.210.28.115] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/195.210.28.115/; sid:900606810; rev:1;) alert tcp $HOME_NET any -> [211.172.241.52] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.172.241.52/; sid:900606811; rev:1;) alert tcp $HOME_NET any -> [103.82.211.39] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.82.211.39/; sid:900606812; rev:1;) alert tcp $HOME_NET any -> [182.176.180.73] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.176.180.73/; sid:900606813; rev:1;) alert tcp $HOME_NET any -> [81.213.59.22] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.213.59.22/; sid:900606816; rev:1;) alert tcp $HOME_NET any -> [86.220.112.26] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.220.112.26/; sid:900606817; rev:1;) alert tcp $HOME_NET any -> [49.206.29.127] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.206.29.127/; sid:900606818; rev:1;) alert tcp $HOME_NET any -> [176.45.53.222] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/176.45.53.222/; sid:900606819; rev:1;) alert tcp $HOME_NET any -> [105.198.236.99] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.198.236.99/; sid:900606820; rev:1;) alert tcp $HOME_NET any -> [115.96.64.9] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.96.64.9/; sid:900606821; rev:1;) alert tcp $HOME_NET any -> [103.143.8.71] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.143.8.71/; sid:900606822; rev:1;) alert tcp $HOME_NET any -> [78.191.38.33] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.38.33/; sid:900606823; rev:1;) alert tcp $HOME_NET any -> [39.49.122.240] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.122.240/; sid:900606824; rev:1;) alert tcp $HOME_NET any -> [37.210.155.239] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.155.239/; sid:900606825; rev:1;) alert tcp $HOME_NET any -> [187.149.227.40] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/187.149.227.40/; sid:900606826; rev:1;) alert tcp $HOME_NET any -> [201.172.31.95] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.172.31.95/; sid:900606827; rev:1;) alert tcp $HOME_NET any -> [38.70.253.226] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.70.253.226/; sid:900606828; rev:1;) alert tcp $HOME_NET any -> [24.231.209.2] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.231.209.2/; sid:900606829; rev:1;) alert tcp $HOME_NET any -> [195.154.146.84] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.154.146.84/; sid:900606830; rev:1;) alert tcp $HOME_NET any -> [157.245.222.44] 5723 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.245.222.44/; sid:900606831; rev:1;) alert tcp $HOME_NET any -> [45.56.121.87] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.56.121.87/; sid:900606832; rev:1;) alert tcp $HOME_NET any -> [24.231.209.2] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/24.231.209.2/; sid:900606833; rev:1;) alert tcp $HOME_NET any -> [86.152.43.219] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.152.43.219/; sid:900606834; rev:1;) alert tcp $HOME_NET any -> [197.89.144.102] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.144.102/; sid:900606835; rev:1;) alert tcp $HOME_NET any -> [100.1.119.41] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.1.119.41/; sid:900606838; rev:1;) alert tcp $HOME_NET any -> [201.137.10.225] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.10.225/; sid:900606839; rev:1;) alert tcp $HOME_NET any -> [108.4.67.252] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.4.67.252/; sid:900606841; rev:1;) alert tcp $HOME_NET any -> [123.252.190.14] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.252.190.14/; sid:900606843; rev:1;) alert tcp $HOME_NET any -> [37.208.181.198] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/37.208.181.198/; sid:900606844; rev:1;) alert tcp $HOME_NET any -> [129.208.147.188] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.147.188/; sid:900606845; rev:1;) alert tcp $HOME_NET any -> [96.246.158.154] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.246.158.154/; sid:900606846; rev:1;) alert tcp $HOME_NET any -> [41.235.69.115] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.235.69.115/; sid:900606847; rev:1;) alert tcp $HOME_NET any -> [78.191.24.189] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.24.189/; sid:900606848; rev:1;) alert tcp $HOME_NET any -> [103.150.40.76] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.150.40.76/; sid:900606849; rev:1;) alert tcp $HOME_NET any -> [46.101.142.214] 6891 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.142.214/; sid:900606850; rev:1;) alert tcp $HOME_NET any -> [207.180.220.242] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/207.180.220.242/; sid:900606851; rev:1;) alert tcp $HOME_NET any -> [155.138.203.91] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/155.138.203.91/; sid:900606852; rev:1;) alert tcp $HOME_NET any -> [62.210.116.97] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.210.116.97/; sid:900606854; rev:1;) alert tcp $HOME_NET any -> [37.208.181.198] 61200 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.208.181.198/; sid:900606855; rev:1;) alert tcp $HOME_NET any -> [187.156.134.254] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.156.134.254/; sid:900606858; rev:1;) alert tcp $HOME_NET any -> [209.210.95.228] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.210.95.228/; sid:900606859; rev:1;) alert tcp $HOME_NET any -> [212.237.17.99] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.237.17.99/; sid:900606860; rev:1;) alert tcp $HOME_NET any -> [176.28.17.160] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/176.28.17.160/; sid:900606861; rev:1;) alert tcp $HOME_NET any -> [51.254.140.238] 8333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.140.238/; sid:900606862; rev:1;) alert tcp $HOME_NET any -> [207.246.112.221] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.246.112.221/; sid:900606865; rev:1;) alert tcp $HOME_NET any -> [188.50.34.167] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.50.34.167/; sid:900606866; rev:1;) alert tcp $HOME_NET any -> [45.9.20.200] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.9.20.200/; sid:900606867; rev:1;) alert tcp $HOME_NET any -> [73.25.109.183] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.25.109.183/; sid:900606868; rev:1;) alert tcp $HOME_NET any -> [207.246.112.221] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.246.112.221/; sid:900606869; rev:1;) alert tcp $HOME_NET any -> [187.250.109.250] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/187.250.109.250/; sid:900606870; rev:1;) alert tcp $HOME_NET any -> [87.242.20.233] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.242.20.233/; sid:900606871; rev:1;) alert tcp $HOME_NET any -> [115.99.227.13] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.99.227.13/; sid:900606872; rev:1;) alert tcp $HOME_NET any -> [27.5.5.31] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.5.5.31/; sid:900606873; rev:1;) alert tcp $HOME_NET any -> [88.226.225.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.226.225.168/; sid:900606874; rev:1;) alert tcp $HOME_NET any -> [149.28.99.97] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.99.97/; sid:900606875; rev:1;) alert tcp $HOME_NET any -> [96.21.251.127] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.21.251.127/; sid:900606878; rev:1;) alert tcp $HOME_NET any -> [86.120.85.209] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/86.120.85.209/; sid:900606879; rev:1;) alert tcp $HOME_NET any -> [85.219.187.72] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.219.187.72/; sid:900606882; rev:1;) alert tcp $HOME_NET any -> [86.98.1.197] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.1.197/; sid:900606883; rev:1;) alert tcp $HOME_NET any -> [189.252.140.141] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.140.141/; sid:900606884; rev:1;) alert tcp $HOME_NET any -> [197.89.144.19] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.144.19/; sid:900606885; rev:1;) alert tcp $HOME_NET any -> [143.92.137.106] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.92.137.106/; sid:900606886; rev:1;) alert tcp $HOME_NET any -> [39.49.45.250] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.45.250/; sid:900606887; rev:1;) alert tcp $HOME_NET any -> [37.208.162.27] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/37.208.162.27/; sid:900606888; rev:1;) alert tcp $HOME_NET any -> [86.97.8.178] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.8.178/; sid:900606889; rev:1;) alert tcp $HOME_NET any -> [94.60.254.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.60.254.81/; sid:900606890; rev:1;) alert tcp $HOME_NET any -> [77.255.12.88] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.255.12.88/; sid:900606891; rev:1;) alert tcp $HOME_NET any -> [92.59.35.196] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.59.35.196/; sid:900606892; rev:1;) alert tcp $HOME_NET any -> [87.99.107.124] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.99.107.124/; sid:900606893; rev:1;) alert tcp $HOME_NET any -> [5.224.28.151] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.224.28.151/; sid:900606894; rev:1;) alert tcp $HOME_NET any -> [85.226.176.123] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/85.226.176.123/; sid:900606895; rev:1;) alert tcp $HOME_NET any -> [189.223.33.109] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.223.33.109/; sid:900606896; rev:1;) alert tcp $HOME_NET any -> [85.54.179.210] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.54.179.210/; sid:900606897; rev:1;) alert tcp $HOME_NET any -> [95.248.201.245] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.248.201.245/; sid:900606899; rev:1;) alert tcp $HOME_NET any -> [79.160.207.214] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.160.207.214/; sid:900606900; rev:1;) alert tcp $HOME_NET any -> [185.122.58.89] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.122.58.89/; sid:900606901; rev:1;) alert tcp $HOME_NET any -> [136.144.131.189] 808 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.144.131.189/; sid:900606902; rev:1;) alert tcp $HOME_NET any -> [103.116.178.85] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/103.116.178.85/; sid:900606903; rev:1;) alert tcp $HOME_NET any -> [87.109.246.232] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.109.246.232/; sid:900606904; rev:1;) alert tcp $HOME_NET any -> [109.228.255.59] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.228.255.59/; sid:900606905; rev:1;) alert tcp $HOME_NET any -> [70.93.80.154] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.93.80.154/; sid:900606906; rev:1;) alert tcp $HOME_NET any -> [93.48.80.198] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.48.80.198/; sid:900606907; rev:1;) alert tcp $HOME_NET any -> [111.250.36.194] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.250.36.194/; sid:900606908; rev:1;) alert tcp $HOME_NET any -> [41.235.58.200] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.235.58.200/; sid:900606909; rev:1;) alert tcp $HOME_NET any -> [117.248.109.38] 21 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/117.248.109.38/; sid:900606910; rev:1;) alert tcp $HOME_NET any -> [75.169.58.229] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.169.58.229/; sid:900606911; rev:1;) alert tcp $HOME_NET any -> [47.72.219.120] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.72.219.120/; sid:900606912; rev:1;) alert tcp $HOME_NET any -> [38.10.199.26] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.10.199.26/; sid:900606913; rev:1;) alert tcp $HOME_NET any -> [188.26.158.80] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.26.158.80/; sid:900606915; rev:1;) alert tcp $HOME_NET any -> [185.56.219.47] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.56.219.47/; sid:900606916; rev:1;) alert tcp $HOME_NET any -> [192.46.210.220] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.46.210.220/; sid:900606917; rev:1;) alert tcp $HOME_NET any -> [143.244.140.214] 808 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/143.244.140.214/; sid:900606918; rev:1;) alert tcp $HOME_NET any -> [45.77.0.96] 6891 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.77.0.96/; sid:900606919; rev:1;) alert tcp $HOME_NET any -> [54.37.202.209] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.202.209/; sid:900606920; rev:1;) alert tcp $HOME_NET any -> [149.202.179.100] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.202.179.100/; sid:900606921; rev:1;) alert tcp $HOME_NET any -> [81.0.236.89] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.0.236.89/; sid:900606922; rev:1;) alert tcp $HOME_NET any -> [94.23.24.82] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.24.82/; sid:900606923; rev:1;) alert tcp $HOME_NET any -> [185.53.147.51] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.53.147.51/; sid:900606924; rev:1;) alert tcp $HOME_NET any -> [77.79.56.210] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/77.79.56.210/; sid:900606926; rev:1;) alert tcp $HOME_NET any -> [109.133.93.127] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.133.93.127/; sid:900606927; rev:1;) alert tcp $HOME_NET any -> [50.194.160.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.194.160.233/; sid:900606928; rev:1;) alert tcp $HOME_NET any -> [103.116.178.85] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.116.178.85/; sid:900606929; rev:1;) alert tcp $HOME_NET any -> [94.110.12.148] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.110.12.148/; sid:900606930; rev:1;) alert tcp $HOME_NET any -> [89.107.190.111] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.107.190.111/; sid:900606932; rev:1;) alert tcp $HOME_NET any -> [91.121.134.180] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.121.134.180/; sid:900606933; rev:1;) alert tcp $HOME_NET any -> [194.36.28.190] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/194.36.28.190/; sid:900606934; rev:1;) alert tcp $HOME_NET any -> [41.235.72.90] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.235.72.90/; sid:900606935; rev:1;) alert tcp $HOME_NET any -> [188.55.243.60] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.55.243.60/; sid:900606936; rev:1;) alert tcp $HOME_NET any -> [45.9.20.200] 2211 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.9.20.200/; sid:900606937; rev:1;) alert tcp $HOME_NET any -> [216.238.71.31] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.238.71.31/; sid:900606938; rev:1;) alert tcp $HOME_NET any -> [216.238.71.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.238.71.31/; sid:900606939; rev:1;) alert tcp $HOME_NET any -> [72.252.201.69] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.201.69/; sid:900606940; rev:1;) alert tcp $HOME_NET any -> [216.238.72.121] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/216.238.72.121/; sid:900606941; rev:1;) alert tcp $HOME_NET any -> [216.238.72.121] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.238.72.121/; sid:900606942; rev:1;) alert tcp $HOME_NET any -> [111.250.42.217] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.250.42.217/; sid:900606943; rev:1;) alert tcp $HOME_NET any -> [187.121.124.134] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.121.124.134/; sid:900606944; rev:1;) alert tcp $HOME_NET any -> [71.13.93.154] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.13.93.154/; sid:900606945; rev:1;) alert tcp $HOME_NET any -> [181.99.138.132] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.99.138.132/; sid:900606946; rev:1;) alert tcp $HOME_NET any -> [86.97.8.204] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.8.204/; sid:900606947; rev:1;) alert tcp $HOME_NET any -> [37.187.114.15] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/37.187.114.15/; sid:900606950; rev:1;) alert tcp $HOME_NET any -> [46.101.98.60] 808 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.98.60/; sid:900606951; rev:1;) alert tcp $HOME_NET any -> [104.248.155.133] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.248.155.133/; sid:900606952; rev:1;) alert tcp $HOME_NET any -> [93.147.212.206] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.147.212.206/; sid:900606953; rev:1;) alert tcp $HOME_NET any -> [103.74.143.53] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.74.143.53/; sid:900606954; rev:1;) alert tcp $HOME_NET any -> [207.180.235.71] 6891 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.180.235.71/; sid:900606956; rev:1;) alert tcp $HOME_NET any -> [104.130.140.69] 8333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.130.140.69/; sid:900606957; rev:1;) alert tcp $HOME_NET any -> [51.79.166.3] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/51.79.166.3/; sid:900606958; rev:1;) alert tcp $HOME_NET any -> [5.135.182.4] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.135.182.4/; sid:900606960; rev:1;) alert tcp $HOME_NET any -> [71.13.93.154] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.13.93.154/; sid:900606961; rev:1;) alert tcp $HOME_NET any -> [111.250.29.138] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.250.29.138/; sid:900606962; rev:1;) alert tcp $HOME_NET any -> [71.13.93.154] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.13.93.154/; sid:900606963; rev:1;) alert tcp $HOME_NET any -> [181.118.183.27] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.27/; sid:900606964; rev:1;) alert tcp $HOME_NET any -> [190.73.3.148] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.73.3.148/; sid:900606965; rev:1;) alert tcp $HOME_NET any -> [177.172.5.228] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/177.172.5.228/; sid:900606966; rev:1;) alert tcp $HOME_NET any -> [189.135.98.193] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.135.98.193/; sid:900606967; rev:1;) alert tcp $HOME_NET any -> [181.99.138.30] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.99.138.30/; sid:900606968; rev:1;) alert tcp $HOME_NET any -> [185.30.32.33] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.30.32.33/; sid:900606969; rev:1;) alert tcp $HOME_NET any -> [102.65.38.185] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.65.38.185/; sid:900606970; rev:1;) alert tcp $HOME_NET any -> [176.115.83.179] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.115.83.179/; sid:900606971; rev:1;) alert tcp $HOME_NET any -> [197.87.182.139] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.87.182.139/; sid:900606972; rev:1;) alert tcp $HOME_NET any -> [189.147.249.20] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/189.147.249.20/; sid:900606973; rev:1;) alert tcp $HOME_NET any -> [65.20.153.49] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.20.153.49/; sid:900606974; rev:1;) alert tcp $HOME_NET any -> [202.36.49.75] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.36.49.75/; sid:900606975; rev:1;) alert tcp $HOME_NET any -> [95.178.38.81] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.178.38.81/; sid:900606976; rev:1;) alert tcp $HOME_NET any -> [200.83.98.31] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.83.98.31/; sid:900606977; rev:1;) alert tcp $HOME_NET any -> [64.111.60.49] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.111.60.49/; sid:900606978; rev:1;) alert tcp $HOME_NET any -> [202.51.122.163] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.51.122.163/; sid:900606979; rev:1;) alert tcp $HOME_NET any -> [181.189.221.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/181.189.221.250/; sid:900606980; rev:1;) alert tcp $HOME_NET any -> [88.148.122.192] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.148.122.192/; sid:900606981; rev:1;) alert tcp $HOME_NET any -> [181.211.247.43] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.211.247.43/; sid:900606982; rev:1;) alert tcp $HOME_NET any -> [222.252.61.23] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.252.61.23/; sid:900606983; rev:1;) alert tcp $HOME_NET any -> [181.188.180.243] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.188.180.243/; sid:900606984; rev:1;) alert tcp $HOME_NET any -> [116.90.234.82] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.90.234.82/; sid:900606985; rev:1;) alert tcp $HOME_NET any -> [190.61.46.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.61.46.106/; sid:900606986; rev:1;) alert tcp $HOME_NET any -> [138.36.200.227] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/138.36.200.227/; sid:900606987; rev:1;) alert tcp $HOME_NET any -> [41.77.131.74] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.77.131.74/; sid:900606988; rev:1;) alert tcp $HOME_NET any -> [45.221.8.225] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.221.8.225/; sid:900606989; rev:1;) alert tcp $HOME_NET any -> [202.144.203.140] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.144.203.140/; sid:900606990; rev:1;) alert tcp $HOME_NET any -> [95.178.35.140] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.178.35.140/; sid:900606991; rev:1;) alert tcp $HOME_NET any -> [103.80.54.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.80.54.34/; sid:900606992; rev:1;) alert tcp $HOME_NET any -> [177.86.90.105] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.86.90.105/; sid:900606993; rev:1;) alert tcp $HOME_NET any -> [61.19.116.53] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/61.19.116.53/; sid:900606994; rev:1;) alert tcp $HOME_NET any -> [91.234.132.24] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.234.132.24/; sid:900606995; rev:1;) alert tcp $HOME_NET any -> [185.23.110.114] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.23.110.114/; sid:900606996; rev:1;) alert tcp $HOME_NET any -> [95.178.35.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.178.35.162/; sid:900606997; rev:1;) alert tcp $HOME_NET any -> [203.173.94.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.173.94.162/; sid:900606998; rev:1;) alert tcp $HOME_NET any -> [136.228.129.179] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.228.129.179/; sid:900606999; rev:1;) alert tcp $HOME_NET any -> [86.173.96.126] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.173.96.126/; sid:900607000; rev:1;) alert tcp $HOME_NET any -> [177.37.161.136] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/177.37.161.136/; sid:900607001; rev:1;) alert tcp $HOME_NET any -> [202.58.199.82] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.58.199.82/; sid:900607002; rev:1;) alert tcp $HOME_NET any -> [88.148.122.16] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.148.122.16/; sid:900607003; rev:1;) alert tcp $HOME_NET any -> [109.177.30.138] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.177.30.138/; sid:900607004; rev:1;) alert tcp $HOME_NET any -> [103.255.73.146] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.255.73.146/; sid:900607005; rev:1;) alert tcp $HOME_NET any -> [177.138.142.97] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.138.142.97/; sid:900607006; rev:1;) alert tcp $HOME_NET any -> [191.36.151.129] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.36.151.129/; sid:900607007; rev:1;) alert tcp $HOME_NET any -> [43.225.69.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/43.225.69.20/; sid:900607008; rev:1;) alert tcp $HOME_NET any -> [181.112.49.170] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.112.49.170/; sid:900607009; rev:1;) alert tcp $HOME_NET any -> [43.246.138.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.246.138.162/; sid:900607010; rev:1;) alert tcp $HOME_NET any -> [200.201.185.194] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.201.185.194/; sid:900607011; rev:1;) alert tcp $HOME_NET any -> [95.178.38.68] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.178.38.68/; sid:900607012; rev:1;) alert tcp $HOME_NET any -> [171.235.33.211] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.235.33.211/; sid:900607013; rev:1;) alert tcp $HOME_NET any -> [95.110.160.239] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.110.160.239/; sid:900607014; rev:1;) alert tcp $HOME_NET any -> [198.61.167.176] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/198.61.167.176/; sid:900607015; rev:1;) alert tcp $HOME_NET any -> [167.86.83.205] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.86.83.205/; sid:900607016; rev:1;) alert tcp $HOME_NET any -> [5.196.213.55] 808 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.213.55/; sid:900607017; rev:1;) alert tcp $HOME_NET any -> [72.252.147.208] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.147.208/; sid:900607019; rev:1;) alert tcp $HOME_NET any -> [88.234.20.155] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.234.20.155/; sid:900607020; rev:1;) alert tcp $HOME_NET any -> [72.252.147.208] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.147.208/; sid:900607021; rev:1;) alert tcp $HOME_NET any -> [189.147.225.12] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.147.225.12/; sid:900607022; rev:1;) alert tcp $HOME_NET any -> [181.4.49.208] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/181.4.49.208/; sid:900607023; rev:1;) alert tcp $HOME_NET any -> [83.223.164.163] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.223.164.163/; sid:900607024; rev:1;) alert tcp $HOME_NET any -> [75.67.192.125] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.67.192.125/; sid:900607025; rev:1;) alert tcp $HOME_NET any -> [41.37.243.129] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.37.243.129/; sid:900607026; rev:1;) alert tcp $HOME_NET any -> [103.143.8.71] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.143.8.71/; sid:900607027; rev:1;) alert tcp $HOME_NET any -> [129.208.156.253] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.156.253/; sid:900607028; rev:1;) alert tcp $HOME_NET any -> [78.153.126.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.153.126.175/; sid:900607029; rev:1;) alert tcp $HOME_NET any -> [5.44.57.191] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/5.44.57.191/; sid:900607031; rev:1;) alert tcp $HOME_NET any -> [24.32.202.68] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.32.202.68/; sid:900607033; rev:1;) alert tcp $HOME_NET any -> [102.65.38.57] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.65.38.57/; sid:900607034; rev:1;) alert tcp $HOME_NET any -> [220.255.25.187] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.255.25.187/; sid:900607041; rev:1;) alert tcp $HOME_NET any -> [111.250.56.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.250.56.31/; sid:900607042; rev:1;) alert tcp $HOME_NET any -> [109.177.77.68] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.177.77.68/; sid:900607043; rev:1;) alert tcp $HOME_NET any -> [181.118.183.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.31/; sid:900607044; rev:1;) alert tcp $HOME_NET any -> [187.121.88.3] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/187.121.88.3/; sid:900607045; rev:1;) alert tcp $HOME_NET any -> [188.27.119.243] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.27.119.243/; sid:900607046; rev:1;) alert tcp $HOME_NET any -> [103.116.178.85] 61200 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.116.178.85/; sid:900607050; rev:1;) alert tcp $HOME_NET any -> [5.9.14.91] 10933 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.9.14.91/; sid:900607051; rev:1;) alert tcp $HOME_NET any -> [209.210.95.228] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.210.95.228/; sid:900607052; rev:1;) alert tcp $HOME_NET any -> [45.184.36.10] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.184.36.10/; sid:900607053; rev:1;) alert tcp $HOME_NET any -> [173.249.28.143] 808 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.249.28.143/; sid:900607054; rev:1;) alert tcp $HOME_NET any -> [103.8.26.102] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/103.8.26.102/; sid:900607055; rev:1;) alert tcp $HOME_NET any -> [103.8.26.103] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.8.26.103/; sid:900607056; rev:1;) alert tcp $HOME_NET any -> [188.93.125.116] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.93.125.116/; sid:900607057; rev:1;) alert tcp $HOME_NET any -> [45.76.176.10] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.176.10/; sid:900607058; rev:1;) alert tcp $HOME_NET any -> [66.42.55.5] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.42.55.5/; sid:900607059; rev:1;) alert tcp $HOME_NET any -> [81.0.236.93] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.0.236.93/; sid:900607060; rev:1;) alert tcp $HOME_NET any -> [94.177.248.64] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.248.64/; sid:900607061; rev:1;) alert tcp $HOME_NET any -> [168.197.250.14] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/168.197.250.14/; sid:900607062; rev:1;) alert tcp $HOME_NET any -> [142.4.219.173] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.4.219.173/; sid:900607063; rev:1;) alert tcp $HOME_NET any -> [185.148.169.10] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.169.10/; sid:900607064; rev:1;) alert tcp $HOME_NET any -> [196.44.98.190] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.44.98.190/; sid:900607065; rev:1;) alert tcp $HOME_NET any -> [51.178.61.60] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.178.61.60/; sid:900607066; rev:1;) alert tcp $HOME_NET any -> [51.210.242.234] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.210.242.234/; sid:900607067; rev:1;) alert tcp $HOME_NET any -> [177.72.80.14] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.72.80.14/; sid:900607068; rev:1;) alert tcp $HOME_NET any -> [200.7.198.138] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/200.7.198.138/; sid:900607069; rev:1;) alert tcp $HOME_NET any -> [212.175.98.171] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.175.98.171/; sid:900607070; rev:1;) alert tcp $HOME_NET any -> [51.68.175.8] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.175.8/; sid:900607071; rev:1;) alert tcp $HOME_NET any -> [210.57.217.132] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.57.217.132/; sid:900607072; rev:1;) alert tcp $HOME_NET any -> [45.79.33.48] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.33.48/; sid:900607073; rev:1;) alert tcp $HOME_NET any -> [163.172.50.82] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.172.50.82/; sid:900607076; rev:1;) alert tcp $HOME_NET any -> [93.188.167.97] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.188.167.97/; sid:900607077; rev:1;) alert tcp $HOME_NET any -> [103.161.172.108] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/103.161.172.108/; sid:900607078; rev:1;) alert tcp $HOME_NET any -> [146.66.139.84] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.66.139.84/; sid:900607079; rev:1;) alert tcp $HOME_NET any -> [78.191.45.163] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.45.163/; sid:900607081; rev:1;) alert tcp $HOME_NET any -> [72.252.201.34] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.201.34/; sid:900607082; rev:1;) alert tcp $HOME_NET any -> [181.118.183.60] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.60/; sid:900607083; rev:1;) alert tcp $HOME_NET any -> [111.250.51.232] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.250.51.232/; sid:900607084; rev:1;) alert tcp $HOME_NET any -> [86.97.160.193] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.160.193/; sid:900607085; rev:1;) alert tcp $HOME_NET any -> [189.135.61.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/189.135.61.226/; sid:900607086; rev:1;) alert tcp $HOME_NET any -> [72.252.201.34] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.201.34/; sid:900607087; rev:1;) alert tcp $HOME_NET any -> [185.184.25.237] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.184.25.237/; sid:900607088; rev:1;) alert tcp $HOME_NET any -> [202.29.239.161] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.29.239.161/; sid:900607089; rev:1;) alert tcp $HOME_NET any -> [91.200.186.228] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.200.186.228/; sid:900607090; rev:1;) alert tcp $HOME_NET any -> [191.252.196.221] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.252.196.221/; sid:900607091; rev:1;) alert tcp $HOME_NET any -> [62.210.200.63] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.210.200.63/; sid:900607092; rev:1;) alert tcp $HOME_NET any -> [54.37.70.105] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/54.37.70.105/; sid:900607093; rev:1;) alert tcp $HOME_NET any -> [198.199.70.22] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.70.22/; sid:900607094; rev:1;) alert tcp $HOME_NET any -> [164.68.99.3] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.99.3/; sid:900607095; rev:1;) alert tcp $HOME_NET any -> [142.93.218.86] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.218.86/; sid:900607096; rev:1;) alert tcp $HOME_NET any -> [31.220.49.39] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.220.49.39/; sid:900607098; rev:1;) alert tcp $HOME_NET any -> [122.129.203.163] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.129.203.163/; sid:900607099; rev:1;) alert tcp $HOME_NET any -> [73.171.4.177] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.171.4.177/; sid:900607101; rev:1;) alert tcp $HOME_NET any -> [186.64.67.17] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/186.64.67.17/; sid:900607102; rev:1;) alert tcp $HOME_NET any -> [5.189.150.29] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.150.29/; sid:900607103; rev:1;) alert tcp $HOME_NET any -> [200.127.27.220] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.127.27.220/; sid:900607104; rev:1;) alert tcp $HOME_NET any -> [5.193.134.177] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.193.134.177/; sid:900607105; rev:1;) alert tcp $HOME_NET any -> [218.101.110.3] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.101.110.3/; sid:900607106; rev:1;) alert tcp $HOME_NET any -> [194.36.28.26] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.28.26/; sid:900607107; rev:1;) alert tcp $HOME_NET any -> [86.173.96.86] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.173.96.86/; sid:900607108; rev:1;) alert tcp $HOME_NET any -> [87.120.37.231] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/87.120.37.231/; sid:900607109; rev:1;) alert tcp $HOME_NET any -> [164.90.229.209] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.229.209/; sid:900607110; rev:1;) alert tcp $HOME_NET any -> [162.33.179.46] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.46/; sid:900607111; rev:1;) alert tcp $HOME_NET any -> [162.33.178.121] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.121/; sid:900607112; rev:1;) alert tcp $HOME_NET any -> [162.33.179.16] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.16/; sid:900607114; rev:1;) alert tcp $HOME_NET any -> [162.33.178.137] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.137/; sid:900607115; rev:1;) alert tcp $HOME_NET any -> [162.33.177.123] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.123/; sid:900607116; rev:1;) alert tcp $HOME_NET any -> [162.33.179.12] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; 
reference:url, feodotracker.abuse.ch/browse/host/162.33.179.12/; sid:900607117; rev:1;) alert tcp $HOME_NET any -> [162.33.177.90] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.90/; sid:900607118; rev:1;) alert tcp $HOME_NET any -> [162.33.179.213] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.213/; sid:900607119; rev:1;) alert tcp $HOME_NET any -> [31.13.195.145] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.145/; sid:900607120; rev:1;) alert tcp $HOME_NET any -> [162.33.179.144] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.144/; sid:900607121; rev:1;) alert tcp $HOME_NET any -> [162.33.179.253] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.253/; sid:900607122; rev:1;) alert tcp $HOME_NET any -> [162.33.177.25] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.25/; sid:900607124; rev:1;) alert tcp $HOME_NET any -> [91.92.109.10] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.10/; sid:900607125; rev:1;) alert tcp $HOME_NET any -> [91.92.109.73] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.73/; sid:900607126; rev:1;) alert tcp $HOME_NET any -> [161.35.205.250] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.35.205.250/; sid:900607127; rev:1;) alert tcp $HOME_NET any -> [164.90.174.188] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.174.188/; sid:900607128; rev:1;) alert tcp $HOME_NET any -> [164.90.166.155] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.166.155/; sid:900607129; rev:1;) alert tcp $HOME_NET any -> [161.35.195.78] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.35.195.78/; sid:900607130; rev:1;) alert tcp $HOME_NET any -> [64.225.98.255] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.225.98.255/; sid:900607131; rev:1;) alert tcp $HOME_NET any -> [162.33.178.131] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, 
count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.131/; sid:900607132; rev:1;) alert tcp $HOME_NET any -> [162.33.178.246] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.246/; sid:900607133; rev:1;) alert tcp $HOME_NET any -> [162.33.178.119] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.119/; sid:900607134; rev:1;) alert tcp $HOME_NET any -> [159.223.30.253] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.223.30.253/; sid:900607135; rev:1;) alert tcp $HOME_NET any -> [46.101.144.128] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.144.128/; sid:900607136; rev:1;) alert tcp $HOME_NET any -> [64.225.98.197] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.225.98.197/; sid:900607137; rev:1;) alert tcp $HOME_NET any -> [162.33.178.237] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.237/; sid:900607138; rev:1;) alert tcp $HOME_NET any -> [162.33.179.2] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, 
seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.2/; sid:900607140; rev:1;) alert tcp $HOME_NET any -> [162.33.177.152] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.152/; sid:900607141; rev:1;) alert tcp $HOME_NET any -> [162.33.177.178] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.178/; sid:900607142; rev:1;) alert tcp $HOME_NET any -> [164.90.191.46] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.191.46/; sid:900607143; rev:1;) alert tcp $HOME_NET any -> [162.33.177.158] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.158/; sid:900607144; rev:1;) alert tcp $HOME_NET any -> [162.33.179.237] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.237/; sid:900607145; rev:1;) alert tcp $HOME_NET any -> [149.28.98.49] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.98.49/; sid:900607146; rev:1;) alert tcp $HOME_NET any -> [45.63.108.27] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track 
by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.108.27/; sid:900607147; rev:1;) alert tcp $HOME_NET any -> [206.188.196.201] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.188.196.201/; sid:900607148; rev:1;) alert tcp $HOME_NET any -> [162.33.178.179] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.179/; sid:900607149; rev:1;) alert tcp $HOME_NET any -> [162.33.179.210] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.210/; sid:900607150; rev:1;) alert tcp $HOME_NET any -> [51.178.186.134] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.178.186.134/; sid:900607151; rev:1;) alert tcp $HOME_NET any -> [51.91.142.158] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.91.142.158/; sid:900607152; rev:1;) alert tcp $HOME_NET any -> [178.79.144.87] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.79.144.87/; sid:900607153; rev:1;) alert tcp $HOME_NET any -> [104.130.140.69] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, 
seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.130.140.69/; sid:900607154; rev:1;) alert tcp $HOME_NET any -> [51.79.205.117] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.79.205.117/; sid:900607155; rev:1;) alert tcp $HOME_NET any -> [185.85.17.16] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.85.17.16/; sid:900607157; rev:1;) alert tcp $HOME_NET any -> [50.21.183.143] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.21.183.143/; sid:900607158; rev:1;) alert tcp $HOME_NET any -> [185.99.2.197] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.197/; sid:900607159; rev:1;) alert tcp $HOME_NET any -> [75.188.35.168] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.188.35.168/; sid:900607160; rev:1;) alert tcp $HOME_NET any -> [103.36.126.221] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.36.126.221/; sid:900607162; rev:1;) alert tcp $HOME_NET any -> [117.220.229.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.220.229.162/; sid:900607163; rev:1;) alert tcp $HOME_NET any -> [14.102.188.227] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.102.188.227/; sid:900607164; rev:1;) alert tcp $HOME_NET any -> [45.116.106.45] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.116.106.45/; sid:900607165; rev:1;) alert tcp $HOME_NET any -> [110.172.137.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.172.137.20/; sid:900607167; rev:1;) alert tcp $HOME_NET any -> [144.91.110.219] 9217 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.110.219/; sid:900607168; rev:1;) alert tcp $HOME_NET any -> [86.107.98.232] 8333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.107.98.232/; sid:900607169; rev:1;) alert tcp $HOME_NET any -> [188.165.214.166] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.214.166/; sid:900607170; rev:1;) alert tcp $HOME_NET any -> [67.207.95.35] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.207.95.35/; sid:900607171; rev:1;) alert tcp $HOME_NET any -> [129.208.184.37] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.184.37/; sid:900607172; rev:1;) alert tcp $HOME_NET any -> [187.121.105.111] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.121.105.111/; sid:900607173; rev:1;) alert tcp $HOME_NET any -> [111.250.0.147] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.250.0.147/; sid:900607174; rev:1;) alert tcp $HOME_NET any -> [67.205.162.68] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.205.162.68/; sid:900607175; rev:1;) alert tcp $HOME_NET any -> [31.220.49.39] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.220.49.39/; sid:900607176; rev:1;) alert tcp $HOME_NET any -> [117.198.148.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.198.148.180/; sid:900607177; rev:1;) alert tcp $HOME_NET any -> [78.191.52.30] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.52.30/; sid:900607178; rev:1;)
# These rules match on destination address and port alone. They carry no flow or content
# keywords, so a connection attempt to the listed endpoint is enough to raise the alert.
# The QakBot entries below use ports 443, 995, 22 and 80 -- the usual ports for
# HTTPS, POP3S, SSH and HTTP. A hit therefore shows contact with a listed endpoint, not
# the C2 protocol itself; corroborate with host telemetry or flow/TLS metadata before
# escalating.
# NOTE(review): sid 900607179 does not appear between 900607178 and 900607180;
# presumably that entry was withdrawn upstream -- verify against the current feed.
alert tcp $HOME_NET any -> [111.250.29.21] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.250.29.21/; sid:900607180; rev:1;)
alert tcp $HOME_NET any -> [39.49.95.46] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.95.46/; sid:900607181; rev:1;)
alert tcp $HOME_NET any -> [176.63.117.1] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.63.117.1/; sid:900607182; rev:1;)
alert tcp $HOME_NET any -> [187.192.70.222] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.70.222/; sid:900607183; rev:1;)
alert tcp $HOME_NET any -> [207.154.241.38] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.154.241.38/; sid:900607184; rev:1;)
alert tcp $HOME_NET any -> [167.99.243.36] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.99.243.36/; sid:900607185; rev:1;)
alert tcp $HOME_NET any -> [164.90.223.1] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.223.1/; sid:900607186; rev:1;) alert tcp $HOME_NET any -> [164.90.223.38] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.223.38/; sid:900607187; rev:1;) alert tcp $HOME_NET any -> [104.248.16.136] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.248.16.136/; sid:900607188; rev:1;) alert tcp $HOME_NET any -> [164.90.223.13] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.223.13/; sid:900607189; rev:1;) alert tcp $HOME_NET any -> [64.227.114.0] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.227.114.0/; sid:900607190; rev:1;) alert tcp $HOME_NET any -> [167.172.165.125] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.172.165.125/; sid:900607191; rev:1;) alert tcp $HOME_NET any -> [142.93.99.249] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.99.249/; sid:900607192; rev:1;) alert tcp $HOME_NET any -> [134.209.240.181] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, 
count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.240.181/; sid:900607193; rev:1;) alert tcp $HOME_NET any -> [46.101.158.148] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.158.148/; sid:900607194; rev:1;) alert tcp $HOME_NET any -> [164.90.237.7] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.237.7/; sid:900607195; rev:1;) alert tcp $HOME_NET any -> [165.22.83.25] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.22.83.25/; sid:900607196; rev:1;) alert tcp $HOME_NET any -> [167.172.101.84] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.172.101.84/; sid:900607197; rev:1;) alert tcp $HOME_NET any -> [167.172.160.45] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.172.160.45/; sid:900607198; rev:1;) alert tcp $HOME_NET any -> [206.81.23.138] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.81.23.138/; sid:900607199; rev:1;) alert tcp $HOME_NET any -> [68.183.65.211] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, 
seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.65.211/; sid:900607200; rev:1;) alert tcp $HOME_NET any -> [161.35.223.199] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.35.223.199/; sid:900607201; rev:1;) alert tcp $HOME_NET any -> [161.35.70.100] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.35.70.100/; sid:900607202; rev:1;) alert tcp $HOME_NET any -> [164.90.229.166] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.229.166/; sid:900607203; rev:1;) alert tcp $HOME_NET any -> [134.122.88.142] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.122.88.142/; sid:900607204; rev:1;) alert tcp $HOME_NET any -> [165.232.65.245] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.232.65.245/; sid:900607205; rev:1;) alert tcp $HOME_NET any -> [64.227.118.34] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.227.118.34/; sid:900607206; rev:1;) alert tcp $HOME_NET any -> [165.227.162.47] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, 
track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.162.47/; sid:900607207; rev:1;) alert tcp $HOME_NET any -> [164.90.187.171] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.187.171/; sid:900607208; rev:1;) alert tcp $HOME_NET any -> [164.90.187.236] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.187.236/; sid:900607209; rev:1;) alert tcp $HOME_NET any -> [164.90.187.244] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.187.244/; sid:900607210; rev:1;) alert tcp $HOME_NET any -> [134.122.76.123] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.122.76.123/; sid:900607211; rev:1;) alert tcp $HOME_NET any -> [134.122.76.178] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.122.76.178/; sid:900607212; rev:1;) alert tcp $HOME_NET any -> [46.101.160.136] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.160.136/; sid:900607213; rev:1;) alert tcp $HOME_NET any -> [46.101.200.191] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; 
threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.200.191/; sid:900607214; rev:1;) alert tcp $HOME_NET any -> [164.90.187.203] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.187.203/; sid:900607215; rev:1;) alert tcp $HOME_NET any -> [164.90.187.241] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.187.241/; sid:900607216; rev:1;) alert tcp $HOME_NET any -> [164.90.187.209] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.187.209/; sid:900607217; rev:1;) alert tcp $HOME_NET any -> [164.90.221.57] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.221.57/; sid:900607218; rev:1;) alert tcp $HOME_NET any -> [164.90.235.239] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.235.239/; sid:900607219; rev:1;) alert tcp $HOME_NET any -> [165.232.78.100] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.232.78.100/; sid:900607220; rev:1;) alert tcp $HOME_NET any -> [64.227.122.248] 443 (msg:"Feodo Tracker: potential BazarLoader CnC 
Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.227.122.248/; sid:900607221; rev:1;) alert tcp $HOME_NET any -> [164.90.175.226] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.175.226/; sid:900607222; rev:1;) alert tcp $HOME_NET any -> [164.90.219.254] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.219.254/; sid:900607223; rev:1;) alert tcp $HOME_NET any -> [206.81.27.39] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.81.27.39/; sid:900607224; rev:1;) alert tcp $HOME_NET any -> [134.122.76.75] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.122.76.75/; sid:900607225; rev:1;) alert tcp $HOME_NET any -> [164.90.213.219] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.213.219/; sid:900607226; rev:1;) alert tcp $HOME_NET any -> [164.90.213.227] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.213.227/; sid:900607227; rev:1;) alert tcp $HOME_NET any -> [159.223.21.94] 443 (msg:"Feodo Tracker: potential 
BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.223.21.94/; sid:900607228; rev:1;) alert tcp $HOME_NET any -> [164.90.215.60] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.215.60/; sid:900607229; rev:1;) alert tcp $HOME_NET any -> [64.227.116.94] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.227.116.94/; sid:900607230; rev:1;) alert tcp $HOME_NET any -> [164.90.239.161] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.239.161/; sid:900607231; rev:1;) alert tcp $HOME_NET any -> [91.92.109.170] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.170/; sid:900607232; rev:1;) alert tcp $HOME_NET any -> [91.92.109.169] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.169/; sid:900607233; rev:1;) alert tcp $HOME_NET any -> [91.92.109.138] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.138/; sid:900607234; rev:1;) alert tcp $HOME_NET any -> [31.13.195.108] 443 (msg:"Feodo Tracker: 
potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.108/; sid:900607235; rev:1;) alert tcp $HOME_NET any -> [91.92.109.136] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.136/; sid:900607236; rev:1;) alert tcp $HOME_NET any -> [87.120.254.51] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.51/; sid:900607237; rev:1;) alert tcp $HOME_NET any -> [87.120.254.178] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.178/; sid:900607238; rev:1;) alert tcp $HOME_NET any -> [87.120.254.67] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.67/; sid:900607239; rev:1;) alert tcp $HOME_NET any -> [87.121.52.230] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.230/; sid:900607240; rev:1;) alert tcp $HOME_NET any -> [87.120.37.77] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.37.77/; sid:900607241; rev:1;) alert tcp $HOME_NET any -> [87.120.8.109] 443 (msg:"Feodo 
Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.109/; sid:900607242; rev:1;) alert tcp $HOME_NET any -> [87.120.8.245] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.245/; sid:900607243; rev:1;) alert tcp $HOME_NET any -> [31.13.195.129] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.129/; sid:900607244; rev:1;) alert tcp $HOME_NET any -> [87.121.52.247] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.247/; sid:900607245; rev:1;) alert tcp $HOME_NET any -> [91.92.109.189] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.189/; sid:900607246; rev:1;) alert tcp $HOME_NET any -> [31.13.195.32] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.32/; sid:900607247; rev:1;) alert tcp $HOME_NET any -> [87.121.52.192] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.192/; sid:900607248; rev:1;) alert tcp $HOME_NET any -> [87.120.37.183] 443 (msg:"Feodo 
Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.37.183/; sid:900607249; rev:1;) alert tcp $HOME_NET any -> [87.120.254.158] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.158/; sid:900607250; rev:1;) alert tcp $HOME_NET any -> [87.120.254.234] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.234/; sid:900607251; rev:1;) alert tcp $HOME_NET any -> [185.158.249.238] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.158.249.238/; sid:900607252; rev:1;) alert tcp $HOME_NET any -> [87.120.254.252] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.252/; sid:900607253; rev:1;) alert tcp $HOME_NET any -> [87.121.52.173] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.173/; sid:900607254; rev:1;) alert tcp $HOME_NET any -> [87.120.254.6] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.6/; sid:900607255; rev:1;) alert tcp $HOME_NET any -> [31.13.195.13] 443 
(msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.13/; sid:900607256; rev:1;) alert tcp $HOME_NET any -> [170.130.55.98] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.130.55.98/; sid:900607257; rev:1;) alert tcp $HOME_NET any -> [87.120.254.96] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.96/; sid:900607258; rev:1;) alert tcp $HOME_NET any -> [87.120.8.177] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.177/; sid:900607259; rev:1;) alert tcp $HOME_NET any -> [87.120.8.241] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.241/; sid:900607260; rev:1;) alert tcp $HOME_NET any -> [87.120.8.171] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.171/; sid:900607261; rev:1;) alert tcp $HOME_NET any -> [91.92.109.14] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.14/; sid:900607262; rev:1;) alert tcp $HOME_NET any -> [87.120.8.112] 443 
(msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.112/; sid:900607263; rev:1;) alert tcp $HOME_NET any -> [87.120.8.101] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.101/; sid:900607264; rev:1;) alert tcp $HOME_NET any -> [134.122.64.170] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.122.64.170/; sid:900607265; rev:1;) alert tcp $HOME_NET any -> [164.90.215.29] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.215.29/; sid:900607266; rev:1;) alert tcp $HOME_NET any -> [165.232.68.221] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.232.68.221/; sid:900607267; rev:1;) alert tcp $HOME_NET any -> [159.89.6.29] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.89.6.29/; sid:900607268; rev:1;) alert tcp $HOME_NET any -> [164.90.183.223] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.183.223/; sid:900607270; rev:1;) alert tcp $HOME_NET any -> [87.120.37.122] 
443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.37.122/; sid:900607271; rev:1;) alert tcp $HOME_NET any -> [87.120.8.170] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.170/; sid:900607272; rev:1;) alert tcp $HOME_NET any -> [31.13.195.152] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.152/; sid:900607273; rev:1;) alert tcp $HOME_NET any -> [162.33.179.71] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.71/; sid:900607274; rev:1;) alert tcp $HOME_NET any -> [162.33.178.153] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.153/; sid:900607275; rev:1;) alert tcp $HOME_NET any -> [162.33.178.139] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.139/; sid:900607276; rev:1;) alert tcp $HOME_NET any -> [162.33.177.219] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.219/; sid:900607277; rev:1;) alert tcp $HOME_NET any -> 
[162.33.178.248] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.248/; sid:900607278; rev:1;) alert tcp $HOME_NET any -> [162.33.179.96] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.96/; sid:900607279; rev:1;) alert tcp $HOME_NET any -> [162.33.179.99] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.99/; sid:900607280; rev:1;) alert tcp $HOME_NET any -> [162.33.179.240] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.240/; sid:900607281; rev:1;) alert tcp $HOME_NET any -> [45.61.136.128] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.61.136.128/; sid:900607282; rev:1;) alert tcp $HOME_NET any -> [167.71.11.125] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.71.11.125/; sid:900607283; rev:1;) alert tcp $HOME_NET any -> [86.123.105.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.123.105.31/; sid:900607284; rev:1;) alert tcp $HOME_NET any 
-> [185.148.168.15] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.168.15/; sid:900607285; rev:1;) alert tcp $HOME_NET any -> [107.170.4.227] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.170.4.227/; sid:900607286; rev:1;) alert tcp $HOME_NET any -> [64.251.25.156] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.251.25.156/; sid:900607287; rev:1;) alert tcp $HOME_NET any -> [178.128.222.53] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.222.53/; sid:900607288; rev:1;) alert tcp $HOME_NET any -> [39.33.218.78] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.33.218.78/; sid:900607289; rev:1;) alert tcp $HOME_NET any -> [162.33.177.88] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.88/; sid:900607290; rev:1;) alert tcp $HOME_NET any -> [162.33.179.53] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.53/; sid:900607291; rev:1;) alert tcp $HOME_NET any -> [41.76.108.46] 
8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.76.108.46/; sid:900607292; rev:1;)
# 188.165.214.166 is listed twice in this ruleset under different families and ports:
# here as Emotet on port 7080 (sid 900607294) and earlier as Dridex on port 4664
# (sid 900607170). Both rules point at the same reference page, and the two sids alert
# and are thresholded independently. When triaging, correlate by destination address
# and port rather than by the family name in msg.
# NOTE(review): sid 900607293 is absent between 900607292 and 900607294; presumably a
# withdrawn entry -- verify against the current feed.
alert tcp $HOME_NET any -> [188.165.214.166] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.214.166/; sid:900607294; rev:1;)
alert tcp $HOME_NET any -> [117.54.140.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.54.140.98/; sid:900607295; rev:1;)
alert tcp $HOME_NET any -> [188.40.33.77] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.40.33.77/; sid:900607296; rev:1;)
alert tcp $HOME_NET any -> [45.63.36.79] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.36.79/; sid:900607297; rev:1;)
alert tcp $HOME_NET any -> [45.79.80.198] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.80.198/; sid:900607298; rev:1;)
alert tcp $HOME_NET any -> [162.33.178.12] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.12/; sid:900607299; rev:1;)
alert tcp $HOME_NET any -> [217.165.237.42] 443 (msg:"Feodo Tracker: 
potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.237.42/; sid:900607300; rev:1;) alert tcp $HOME_NET any -> [162.33.179.245] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.245/; sid:900607301; rev:1;) alert tcp $HOME_NET any -> [162.33.177.217] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.217/; sid:900607302; rev:1;) alert tcp $HOME_NET any -> [162.33.178.20] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.20/; sid:900607303; rev:1;) alert tcp $HOME_NET any -> [162.33.179.67] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.67/; sid:900607304; rev:1;) alert tcp $HOME_NET any -> [27.5.4.111] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.5.4.111/; sid:900607305; rev:1;) alert tcp $HOME_NET any -> [189.135.21.162] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.135.21.162/; sid:900607306; rev:1;) alert tcp $HOME_NET any -> [189.147.174.121] 443 (msg:"Feodo Tracker: 
potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.147.174.121/; sid:900607307; rev:1;) alert tcp $HOME_NET any -> [86.97.10.14] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.10.14/; sid:900607308; rev:1;) alert tcp $HOME_NET any -> [51.68.138.110] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.138.110/; sid:900607309; rev:1;) alert tcp $HOME_NET any -> [23.253.208.162] 9217 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.253.208.162/; sid:900607310; rev:1;) alert tcp $HOME_NET any -> [206.189.150.190] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.189.150.190/; sid:900607311; rev:1;) alert tcp $HOME_NET any -> [103.109.247.10] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.109.247.10/; sid:900607312; rev:1;) alert tcp $HOME_NET any -> [200.114.247.160] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.114.247.160/; sid:900607313; rev:1;) alert tcp $HOME_NET any -> [162.33.178.49] 443 (msg:"Feodo Tracker: potential 
BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.49/; sid:900607316; rev:1;) alert tcp $HOME_NET any -> [174.20.72.123] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.20.72.123/; sid:900607318; rev:1;) alert tcp $HOME_NET any -> [117.198.156.228] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.198.156.228/; sid:900607319; rev:1;) alert tcp $HOME_NET any -> [45.63.5.129] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.5.129/; sid:900607321; rev:1;) alert tcp $HOME_NET any -> [128.199.192.135] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.192.135/; sid:900607322; rev:1;) alert tcp $HOME_NET any -> [46.55.222.11] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.55.222.11/; sid:900607323; rev:1;) alert tcp $HOME_NET any -> [104.245.52.73] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.245.52.73/; sid:900607324; rev:1;) alert tcp $HOME_NET any -> [62.171.184.244] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic 
detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.171.184.244/; sid:900607325; rev:1;) alert tcp $HOME_NET any -> [62.210.82.223] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.210.82.223/; sid:900607326; rev:1;) alert tcp $HOME_NET any -> [142.93.66.245] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.66.245/; sid:900607327; rev:1;) alert tcp $HOME_NET any -> [119.59.125.140] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.59.125.140/; sid:900607328; rev:1;) alert tcp $HOME_NET any -> [81.223.127.86] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.223.127.86/; sid:900607329; rev:1;) alert tcp $HOME_NET any -> [186.64.67.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.31/; sid:900607330; rev:1;) alert tcp $HOME_NET any -> [189.135.34.124] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.135.34.124/; sid:900607331; rev:1;) alert tcp $HOME_NET any -> [129.208.154.145] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: 
type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.154.145/; sid:900607332; rev:1;) alert tcp $HOME_NET any -> [45.79.248.254] 2222 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.248.254/; sid:900607333; rev:1;) alert tcp $HOME_NET any -> [94.177.217.88] 808 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.217.88/; sid:900607334; rev:1;) alert tcp $HOME_NET any -> [144.91.110.55] 3978 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.110.55/; sid:900607335; rev:1;) alert tcp $HOME_NET any -> [149.56.106.83] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.56.106.83/; sid:900607336; rev:1;) alert tcp $HOME_NET any -> [185.4.135.165] 5228 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.4.135.165/; sid:900607337; rev:1;) alert tcp $HOME_NET any -> [78.180.170.159] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.180.170.159/; sid:900607338; rev:1;) alert tcp $HOME_NET any -> [172.104.227.98] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track 
by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.104.227.98/; sid:900607339; rev:1;) alert tcp $HOME_NET any -> [31.207.89.74] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.207.89.74/; sid:900607340; rev:1;) alert tcp $HOME_NET any -> [162.33.177.194] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.194/; sid:900607341; rev:1;) alert tcp $HOME_NET any -> [162.33.177.69] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.69/; sid:900607342; rev:1;) alert tcp $HOME_NET any -> [162.33.177.196] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.196/; sid:900607343; rev:1;) alert tcp $HOME_NET any -> [162.33.178.35] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.35/; sid:900607344; rev:1;) alert tcp $HOME_NET any -> [162.33.179.158] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.158/; sid:900607345; rev:1;) alert tcp $HOME_NET any -> [162.33.178.45] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, 
track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.45/; sid:900607346; rev:1;) alert tcp $HOME_NET any -> [189.252.173.60] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.173.60/; sid:900607347; rev:1;) alert tcp $HOME_NET any -> [187.121.121.141] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.121.121.141/; sid:900607348; rev:1;) alert tcp $HOME_NET any -> [181.4.52.159] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.4.52.159/; sid:900607349; rev:1;) alert tcp $HOME_NET any -> [209.239.112.82] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.239.112.82/; sid:900607350; rev:1;) alert tcp $HOME_NET any -> [116.124.128.206] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.124.128.206/; sid:900607351; rev:1;) alert tcp $HOME_NET any -> [51.159.35.157] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.159.35.157/; sid:900607352; rev:1;) alert tcp $HOME_NET any -> [207.180.228.237] 8081 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, 
seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.180.228.237/; sid:900607353; rev:1;) alert tcp $HOME_NET any -> [51.75.33.120] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.33.120/; sid:900607354; rev:1;) alert tcp $HOME_NET any -> [109.75.64.100] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.75.64.100/; sid:900607355; rev:1;) alert tcp $HOME_NET any -> [198.27.67.35] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.27.67.35/; sid:900607356; rev:1;) alert tcp $HOME_NET any -> [104.238.138.234] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.238.138.234/; sid:900607357; rev:1;) alert tcp $HOME_NET any -> [202.29.237.113] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.29.237.113/; sid:900607358; rev:1;) alert tcp $HOME_NET any -> [207.210.201.159] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.210.201.159/; sid:900607359; rev:1;) alert tcp $HOME_NET any -> [164.90.159.54] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 
1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.159.54/; sid:900607360; rev:1;) alert tcp $HOME_NET any -> [91.207.181.106] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.207.181.106/; sid:900607361; rev:1;) alert tcp $HOME_NET any -> [102.177.192.60] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.177.192.60/; sid:900607362; rev:1;) alert tcp $HOME_NET any -> [197.89.12.237] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.12.237/; sid:900607363; rev:1;) alert tcp $HOME_NET any -> [162.33.178.148] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.148/; sid:900607364; rev:1;) alert tcp $HOME_NET any -> [162.33.177.216] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.216/; sid:900607365; rev:1;) alert tcp $HOME_NET any -> [162.33.179.50] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.50/; sid:900607366; rev:1;) alert tcp $HOME_NET any -> [162.33.178.97] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.97/; sid:900607367; rev:1;) alert tcp $HOME_NET any -> [186.64.87.195] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.87.195/; sid:900607369; rev:1;) alert tcp $HOME_NET any -> [162.33.177.179] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.179/; sid:900607370; rev:1;) alert tcp $HOME_NET any -> [86.190.203.103] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.190.203.103/; sid:900607371; rev:1;) alert tcp $HOME_NET any -> [186.250.48.117] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.250.48.117/; sid:900607372; rev:1;) alert tcp $HOME_NET any -> [92.240.254.110] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.240.254.110/; sid:900607373; rev:1;) alert tcp $HOME_NET any -> [103.47.60.57] 5228 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.47.60.57/; sid:900607376; rev:1;) alert tcp $HOME_NET any -> [86.49.161.18] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.49.161.18/; sid:900607377; rev:1;) alert tcp $HOME_NET any -> [83.138.53.138] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.138.53.138/; sid:900607378; rev:1;) alert tcp $HOME_NET any -> [162.33.178.30] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.30/; sid:900607379; rev:1;) alert tcp $HOME_NET any -> [151.106.39.36] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.106.39.36/; sid:900607380; rev:1;) alert tcp $HOME_NET any -> [172.105.78.60] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.78.60/; sid:900607381; rev:1;) alert tcp $HOME_NET any -> [23.246.204.126] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.246.204.126/; sid:900607382; rev:1;) alert tcp $HOME_NET any -> [103.124.144.123] 6891 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.124.144.123/; sid:900607383; rev:1;) alert tcp $HOME_NET any -> [94.177.218.33] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.218.33/; sid:900607391; rev:1;) alert tcp $HOME_NET any -> [176.31.163.17] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.31.163.17/; sid:900607392; rev:1;) alert tcp $HOME_NET any -> [131.100.24.199] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.199/; sid:900607393; rev:1;) alert tcp $HOME_NET any -> [88.234.147.66] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.234.147.66/; sid:900607394; rev:1;) alert tcp $HOME_NET any -> [186.64.87.197] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.87.197/; sid:900607396; rev:1;) alert tcp $HOME_NET any -> [102.65.38.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.65.38.67/; sid:900607397; rev:1;) alert tcp $HOME_NET any -> [87.120.37.64] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.37.64/; sid:900607399; rev:1;) alert tcp $HOME_NET any -> [87.120.37.71] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.37.71/; sid:900607400; rev:1;) alert tcp $HOME_NET any -> [87.121.52.195] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.195/; sid:900607401; rev:1;) alert tcp $HOME_NET any -> [87.120.8.46] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.46/; sid:900607402; rev:1;) alert tcp $HOME_NET any -> [162.33.178.33] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.33/; sid:900607403; rev:1;) alert tcp $HOME_NET any -> [162.33.179.47] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.47/; sid:900607404; rev:1;) alert tcp $HOME_NET any -> [85.114.130.154] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.114.130.154/; sid:900607405; rev:1;) alert tcp $HOME_NET any -> [195.231.9.119] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.231.9.119/; sid:900607406; rev:1;) alert tcp $HOME_NET any -> [69.16.218.101] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.16.218.101/; sid:900607407; rev:1;) alert tcp $HOME_NET any -> [159.89.195.36] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.89.195.36/; sid:900607408; rev:1;) alert tcp $HOME_NET any -> [73.5.119.219] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.5.119.219/; sid:900607409; rev:1;) alert tcp $HOME_NET any -> [197.89.144.130] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.144.130/; sid:900607410; rev:1;) alert tcp $HOME_NET any -> [190.152.125.75] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.152.125.75/; sid:900607411; rev:1;) alert tcp $HOME_NET any -> [168.121.97.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.121.97.34/; sid:900607412; rev:1;) alert tcp $HOME_NET any -> [45.229.162.233] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.229.162.233/; sid:900607413; rev:1;) alert tcp $HOME_NET any -> [186.159.4.217] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.159.4.217/; sid:900607415; rev:1;) alert tcp $HOME_NET any -> [186.97.201.66] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.97.201.66/; sid:900607416; rev:1;) alert tcp $HOME_NET any -> [200.233.192.111] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.233.192.111/; sid:900607417; rev:1;) alert tcp $HOME_NET any -> [81.190.193.197] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.190.193.197/; sid:900607418; rev:1;) alert tcp $HOME_NET any -> [181.205.41.42] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.205.41.42/; sid:900607419; rev:1;) alert tcp $HOME_NET any -> [181.113.63.86] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.113.63.86/; sid:900607420; rev:1;) alert tcp $HOME_NET any -> [177.52.26.233] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.52.26.233/; sid:900607421; rev:1;) alert tcp $HOME_NET any -> [181.129.251.109] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.251.109/; sid:900607422; rev:1;) alert tcp $HOME_NET any -> [181.196.148.42] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.196.148.42/; sid:900607423; rev:1;) alert tcp $HOME_NET any -> [168.195.167.130] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.195.167.130/; sid:900607424; rev:1;) alert tcp $HOME_NET any -> [190.110.222.109] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.110.222.109/; sid:900607425; rev:1;) alert tcp $HOME_NET any -> [45.65.249.154] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.65.249.154/; sid:900607426; rev:1;) alert tcp $HOME_NET any -> [103.238.228.115] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.238.228.115/; sid:900607427; rev:1;) alert tcp $HOME_NET any -> [31.215.98.160] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.98.160/; sid:900607428; rev:1;) alert tcp $HOME_NET any -> [131.72.127.126] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.72.127.126/; sid:900607429; rev:1;) alert tcp $HOME_NET any -> [188.234.115.35] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.234.115.35/; sid:900607430; rev:1;) alert tcp $HOME_NET any -> [191.103.252.193] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.103.252.193/; sid:900607431; rev:1;) alert tcp $HOME_NET any -> [31.13.195.71] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.71/; sid:900607432; rev:1;) alert tcp $HOME_NET any -> [162.33.177.154] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.154/; sid:900607433; rev:1;) alert tcp $HOME_NET any -> [31.13.195.85] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.85/; sid:900607434; rev:1;) alert tcp $HOME_NET any -> [87.120.37.76] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.37.76/; sid:900607435; rev:1;) alert tcp $HOME_NET any -> [181.129.85.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.85.98/; sid:900607436; rev:1;)
# All destinations in this group are TCP/443 tagged TrickBot.
# NOTE(review): with no TLS or SNI condition in the rule, ordinary HTTPS to a reassigned or shared
# address would alert the same way - verify the listing is still current before acting.
alert tcp $HOME_NET any -> [189.112.119.205] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.112.119.205/; sid:900607437; rev:1;)
alert tcp $HOME_NET any -> [213.32.252.221] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.32.252.221/; sid:900607438; rev:1;)
alert tcp $HOME_NET any -> [189.51.118.78] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.51.118.78/; sid:900607439; rev:1;)
alert tcp $HOME_NET any -> [95.140.217.242] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.140.217.242/; sid:900607440; rev:1;)
alert tcp $HOME_NET any -> [186.121.214.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.121.214.106/; sid:900607441; rev:1;)
alert tcp $HOME_NET any -> [103.108.97.51] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.108.97.51/; sid:900607442; rev:1;)
alert tcp $HOME_NET any -> [190.109.169.161] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.109.169.161/; sid:900607443; rev:1;)
# track by_src keys the limit on the source address the sensor sees.
# NOTE(review): if the sensor sits outside a NAT or proxy, internal hosts may share one source and
# one 60 s limit per rule - confirm sensor placement.
alert tcp $HOME_NET any -> [103.36.79.3] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.36.79.3/; sid:900607444; rev:1;)
alert tcp $HOME_NET any -> [41.175.22.226] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.175.22.226/; sid:900607445; rev:1;)
alert tcp $HOME_NET any -> [49.176.188.184] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.176.188.184/; sid:900607446; rev:1;)
alert tcp $HOME_NET any -> [61.69.102.170] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.69.102.170/; sid:900607447; rev:1;)
alert tcp $HOME_NET any -> [181.196.148.202] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.196.148.202/; sid:900607448; rev:1;)
alert tcp $HOME_NET any -> [186.47.75.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.47.75.58/; sid:900607449; rev:1;)
alert tcp $HOME_NET any -> [190.109.171.17] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.109.171.17/; sid:900607450; rev:1;)
# The source side is "$HOME_NET any": these rules only fire for traffic leaving HOME_NET addresses.
# NOTE(review): HOME_NET is defined in the engine configuration, not here - verify it covers the
# monitored ranges, since a too-narrow value silently removes coverage.
alert tcp $HOME_NET any -> [186.42.212.30] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.42.212.30/; sid:900607451; rev:1;)
alert tcp $HOME_NET any -> [186.159.12.18] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.159.12.18/; sid:900607452; rev:1;)
alert tcp $HOME_NET any -> [187.108.32.133] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.108.32.133/; sid:900607453; rev:1;)
alert tcp $HOME_NET any -> [201.184.226.74] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.184.226.74/; sid:900607454; rev:1;)
alert tcp $HOME_NET any -> [190.214.21.14] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.214.21.14/; sid:900607455; rev:1;)
alert tcp $HOME_NET any -> [186.159.5.177] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.159.5.177/; sid:900607456; rev:1;)
alert tcp $HOME_NET any -> [187.95.113.110] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.95.113.110/; sid:900607457; rev:1;)
# The rule action is alert, not drop. The file header labels this the aggressive variant of the list.
# NOTE(review): weigh the false-positive cost before converting these entries to drop in IPS mode;
# the page does not state a false-positive rate.
alert tcp $HOME_NET any -> [83.146.71.242] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.146.71.242/; sid:900607458; rev:1;)
alert tcp $HOME_NET any -> [186.159.16.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.159.16.58/; sid:900607459; rev:1;)
alert tcp $HOME_NET any -> [152.156.122.10] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.156.122.10/; sid:900607460; rev:1;)
alert tcp $HOME_NET any -> [200.105.199.234] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.105.199.234/; sid:900607461; rev:1;)
alert tcp $HOME_NET any -> [186.71.134.62] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.134.62/; sid:900607462; rev:1;)
alert tcp $HOME_NET any -> [186.194.119.205] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.194.119.205/; sid:900607463; rev:1;)
alert tcp $HOME_NET any -> [182.253.100.150] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.253.100.150/; sid:900607464; rev:1;)
# The family name in msg (TrickBot, BazarLoader, QakBot) is the only field that differs by family;
# classtype is trojan-activity throughout, so triage cannot be split by classtype alone.
alert tcp $HOME_NET any -> [181.49.135.242] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.49.135.242/; sid:900607465; rev:1;)
alert tcp $HOME_NET any -> [186.235.250.230] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.235.250.230/; sid:900607466; rev:1;)
alert tcp $HOME_NET any -> [87.120.8.87] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.87/; sid:900607467; rev:1;)
alert tcp $HOME_NET any -> [31.13.195.125] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.125/; sid:900607468; rev:1;)
alert tcp $HOME_NET any -> [87.120.37.179] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.37.179/; sid:900607469; rev:1;)
alert tcp $HOME_NET any -> [190.248.146.170] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.248.146.170/; sid:900607470; rev:1;)
alert tcp $HOME_NET any -> [78.191.12.29] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.12.29/; sid:900607471; rev:1;)
# The QakBot entry below uses TCP/995, the port normally used for POP3 over TLS. Sites with
# legitimate outbound POP3S should rely on the reference:url record, not the port, when triaging.
alert tcp $HOME_NET any -> [39.49.44.85] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.44.85/; sid:900607472; rev:1;)
alert tcp $HOME_NET any -> [177.52.221.73] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.52.221.73/; sid:900607473; rev:1;)
alert tcp $HOME_NET any -> [87.120.254.21] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.21/; sid:900607474; rev:1;)
alert tcp $HOME_NET any -> [87.120.254.33] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.33/; sid:900607475; rev:1;)
alert tcp $HOME_NET any -> [87.120.8.179] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.179/; sid:900607476; rev:1;)
alert tcp $HOME_NET any -> [87.120.254.75] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.75/; sid:900607477; rev:1;)
alert tcp $HOME_NET any -> [87.121.52.124] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.124/; sid:900607478; rev:1;)
# Every rule carries rev:1.
# NOTE(review): the page does not show whether rev is bumped when an entry changes, so track feed
# changes by diffing sids and addresses between downloads rather than by rev.
alert tcp $HOME_NET any -> [139.59.56.73] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.56.73/; sid:900607479; rev:1;)
alert tcp $HOME_NET any -> [189.126.72.249] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.126.72.249/; sid:900607480; rev:1;)
alert tcp $HOME_NET any -> [138.36.1.137] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.36.1.137/; sid:900607481; rev:1;)
alert tcp $HOME_NET any -> [94.136.143.124] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.136.143.124/; sid:900607482; rev:1;)
alert tcp $HOME_NET any -> [82.160.88.100] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.160.88.100/; sid:900607483; rev:1;)
alert tcp $HOME_NET any -> [158.140.143.54] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.140.143.54/; sid:900607484; rev:1;)
alert tcp $HOME_NET any -> [109.196.148.123] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.196.148.123/; sid:900607485; rev:1;)
# The port is part of each indicator: the Dridex entry below is bound to TCP/7443, so traffic to
# the same address on any other port does not match this rule.
alert tcp $HOME_NET any -> [87.120.254.112] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.112/; sid:900607486; rev:1;)
alert tcp $HOME_NET any -> [87.120.8.248] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.248/; sid:900607487; rev:1;)
alert tcp $HOME_NET any -> [87.120.8.198] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.198/; sid:900607488; rev:1;)
alert tcp $HOME_NET any -> [87.121.52.248] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.248/; sid:900607489; rev:1;)
alert tcp $HOME_NET any -> [180.214.246.226] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.214.246.226/; sid:900607490; rev:1;)
alert tcp $HOME_NET any -> [91.92.109.141] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.141/; sid:900607491; rev:1;)
alert tcp $HOME_NET any -> [39.49.21.132] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.21.132/; sid:900607493; rev:1;)
# Destination ports in this group include 4664 and 593, which are uncommon for client egress.
# NOTE(review): a default-deny egress policy would block these independently of this feed - check
# whether the perimeter firewall already does.
alert tcp $HOME_NET any -> [186.64.87.213] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.87.213/; sid:900607494; rev:1;)
alert tcp $HOME_NET any -> [188.40.48.93] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.40.48.93/; sid:900607495; rev:1;)
alert tcp $HOME_NET any -> [104.36.167.47] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.36.167.47/; sid:900607496; rev:1;)
alert tcp $HOME_NET any -> [217.160.5.104] 593 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.5.104/; sid:900607497; rev:1;)
alert tcp $HOME_NET any -> [78.180.163.25] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.180.163.25/; sid:900607498; rev:1;)
alert tcp $HOME_NET any -> [185.183.98.39] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.98.39/; sid:900607499; rev:1;)
alert tcp $HOME_NET any -> [87.120.8.129] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.129/; sid:900607500; rev:1;)
# sid 900607503 is absent here (900607502 is followed by 900607504); presumably the entry was
# withdrawn upstream. Do not assume sids are contiguous when scripting against this file.
alert tcp $HOME_NET any -> [87.120.8.163] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.163/; sid:900607501; rev:1;)
alert tcp $HOME_NET any -> [94.140.112.185] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.140.112.185/; sid:900607502; rev:1;)
alert tcp $HOME_NET any -> [194.15.112.35] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.15.112.35/; sid:900607504; rev:1;)
alert tcp $HOME_NET any -> [39.49.104.126] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.104.126/; sid:900607505; rev:1;)
alert tcp $HOME_NET any -> [1.234.65.61] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.234.65.61/; sid:900607506; rev:1;)
alert tcp $HOME_NET any -> [87.120.8.99] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.99/; sid:900607507; rev:1;)
alert tcp $HOME_NET any -> [31.13.195.189] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.189/; sid:900607508; rev:1;)
# sid 900607509 is absent (900607508 is followed by 900607510). When suppressing a noisy entry,
# key the suppression on the sid itself rather than on its position in the file.
alert tcp $HOME_NET any -> [176.24.150.197] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.24.150.197/; sid:900607510; rev:1;)
alert tcp $HOME_NET any -> [134.209.247.135] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.247.135/; sid:900607511; rev:1;)
alert tcp $HOME_NET any -> [89.31.56.58] 593 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.31.56.58/; sid:900607512; rev:1;)
alert tcp $HOME_NET any -> [194.233.68.48] 5228 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.233.68.48/; sid:900607513; rev:1;)
alert tcp $HOME_NET any -> [86.97.9.219] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.9.219/; sid:900607514; rev:1;)
alert tcp $HOME_NET any -> [170.78.0.135] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.78.0.135/; sid:900607515; rev:1;)
alert tcp $HOME_NET any -> [94.140.113.0] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; 
reference:url, feodotracker.abuse.ch/browse/host/94.140.113.0/; sid:900607516; rev:1;)
# Each destination is a single-address list ([a.b.c.d]) with one port: one rule per address/port
# pair keeps every indicator individually suppressible, at the cost of a large rule count.
alert tcp $HOME_NET any -> [103.124.106.174] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.124.106.174/; sid:900607517; rev:1;)
alert tcp $HOME_NET any -> [94.200.181.154] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.200.181.154/; sid:900607518; rev:1;)
alert tcp $HOME_NET any -> [144.91.122.94] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.122.94/; sid:900607519; rev:1;)
alert tcp $HOME_NET any -> [167.99.141.108] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.99.141.108/; sid:900607520; rev:1;)
alert tcp $HOME_NET any -> [37.59.74.180] 593 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.59.74.180/; sid:900607521; rev:1;)
alert tcp $HOME_NET any -> [194.9.172.107] 9217 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.9.172.107/; sid:900607522; rev:1;)
alert tcp $HOME_NET any -> [50.238.6.36] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/50.238.6.36/; sid:900607523; rev:1;)
# An alert identifies only the internal source address and the listed endpoint. Pair it with DNS,
# proxy and endpoint telemetry for that host around the alert time to decide what made the connection.
alert tcp $HOME_NET any -> [24.95.61.62] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.95.61.62/; sid:900607524; rev:1;)
alert tcp $HOME_NET any -> [32.221.229.7] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.221.229.7/; sid:900607525; rev:1;)
alert tcp $HOME_NET any -> [5.54.35.115] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.54.35.115/; sid:900607526; rev:1;)
alert tcp $HOME_NET any -> [75.110.250.187] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.110.250.187/; sid:900607527; rev:1;)
alert tcp $HOME_NET any -> [63.153.187.104] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.153.187.104/; sid:900607528; rev:1;)
alert tcp $HOME_NET any -> [24.53.49.240] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.53.49.240/; sid:900607529; rev:1;)
alert tcp $HOME_NET any -> [114.79.148.170] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/114.79.148.170/; sid:900607530; rev:1;)
# 78.101.82.198 is listed here on TCP/995 (sid 900607531) and again later in this file on 443 and
# 2222 (sids 900607541 and 900607561); correlate hits on the three sids as one endpoint.
alert tcp $HOME_NET any -> [78.101.82.198] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.82.198/; sid:900607531; rev:1;)
alert tcp $HOME_NET any -> [74.15.2.252] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.15.2.252/; sid:900607532; rev:1;)
alert tcp $HOME_NET any -> [217.128.93.27] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.128.93.27/; sid:900607533; rev:1;)
alert tcp $HOME_NET any -> [24.178.196.158] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.178.196.158/; sid:900607534; rev:1;)
alert tcp $HOME_NET any -> [96.80.109.57] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.80.109.57/; sid:900607535; rev:1;)
alert tcp $HOME_NET any -> [149.135.101.20] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.135.101.20/; sid:900607536; rev:1;)
alert tcp $HOME_NET any -> [217.165.123.47] 61200 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/217.165.123.47/; sid:900607537; rev:1;)
# QakBot entries on 32100 and 2222 sit alongside 443 here. Because the port is part of the match,
# a port change on the same host goes unseen until the feed lists the new pair.
alert tcp $HOME_NET any -> [209.210.95.228] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.210.95.228/; sid:900607538; rev:1;)
alert tcp $HOME_NET any -> [80.14.196.176] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.14.196.176/; sid:900607539; rev:1;)
alert tcp $HOME_NET any -> [67.209.195.198] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.209.195.198/; sid:900607540; rev:1;)
alert tcp $HOME_NET any -> [78.101.82.198] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.82.198/; sid:900607541; rev:1;)
alert tcp $HOME_NET any -> [24.222.20.254] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.222.20.254/; sid:900607542; rev:1;)
alert tcp $HOME_NET any -> [86.98.53.83] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.53.83/; sid:900607543; rev:1;)
alert tcp $HOME_NET any -> [76.169.147.192] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/76.169.147.192/; sid:900607544; rev:1;)
# The threshold is written inside each rule, so the 60 s limit applies per sid: a host that
# contacts several listed endpoints within a minute can still raise one alert for each sid.
alert tcp $HOME_NET any -> [23.233.146.92] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.233.146.92/; sid:900607545; rev:1;)
alert tcp $HOME_NET any -> [70.51.134.181] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.134.181/; sid:900607546; rev:1;)
alert tcp $HOME_NET any -> [187.189.86.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.189.86.168/; sid:900607547; rev:1;)
alert tcp $HOME_NET any -> [65.128.36.247] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.128.36.247/; sid:900607548; rev:1;)
alert tcp $HOME_NET any -> [106.51.48.170] 50001 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.51.48.170/; sid:900607549; rev:1;)
alert tcp $HOME_NET any -> [182.191.92.203] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.191.92.203/; sid:900607550; rev:1;)
alert tcp $HOME_NET any -> [111.125.245.116] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/111.125.245.116/; sid:900607551; rev:1;)
# sid 900607553 is absent (900607552 is followed by 900607554).
# NOTE(review): local suppress or threshold entries that name a sid no longer in the feed should
# be pruned when the ruleset is refreshed.
alert tcp $HOME_NET any -> [114.79.145.28] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.145.28/; sid:900607552; rev:1;)
alert tcp $HOME_NET any -> [194.29.101.118] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.29.101.118/; sid:900607554; rev:1;)
alert tcp $HOME_NET any -> [87.121.52.177] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.177/; sid:900607555; rev:1;)
alert tcp $HOME_NET any -> [87.120.8.91] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.91/; sid:900607556; rev:1;)
alert tcp $HOME_NET any -> [59.6.7.83] 61200 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.6.7.83/; sid:900607557; rev:1;)
alert tcp $HOME_NET any -> [82.152.39.39] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.152.39.39/; sid:900607558; rev:1;)
alert tcp $HOME_NET any -> [70.163.1.219] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/70.163.1.219/; sid:900607559; rev:1;) alert tcp $HOME_NET any -> [95.5.133.68] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.5.133.68/; sid:900607560; rev:1;) alert tcp $HOME_NET any -> [78.101.82.198] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.82.198/; sid:900607561; rev:1;) alert tcp $HOME_NET any -> [37.211.157.100] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.211.157.100/; sid:900607562; rev:1;) alert tcp $HOME_NET any -> [79.167.192.206] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.167.192.206/; sid:900607563; rev:1;) alert tcp $HOME_NET any -> [103.143.8.71] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.143.8.71/; sid:900607564; rev:1;) alert tcp $HOME_NET any -> [217.164.247.241] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.247.241/; sid:900607565; rev:1;) alert tcp $HOME_NET any -> [39.49.27.10] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/39.49.27.10/; sid:900607566; rev:1;) alert tcp $HOME_NET any -> [14.96.79.22] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.96.79.22/; sid:900607567; rev:1;) alert tcp $HOME_NET any -> [31.215.99.73] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.99.73/; sid:900607568; rev:1;) alert tcp $HOME_NET any -> [190.39.205.165] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.39.205.165/; sid:900607569; rev:1;) alert tcp $HOME_NET any -> [40.134.247.125] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.134.247.125/; sid:900607570; rev:1;) alert tcp $HOME_NET any -> [50.237.134.22] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.237.134.22/; sid:900607571; rev:1;) alert tcp $HOME_NET any -> [144.91.122.100] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.122.100/; sid:900607572; rev:1;) alert tcp $HOME_NET any -> [188.214.241.242] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/188.214.241.242/; sid:900607573; rev:1;) alert tcp $HOME_NET any -> [173.71.147.134] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.71.147.134/; sid:900607574; rev:1;) alert tcp $HOME_NET any -> [213.120.26.24] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.120.26.24/; sid:900607575; rev:1;) alert tcp $HOME_NET any -> [31.13.195.126] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.126/; sid:900607576; rev:1;) alert tcp $HOME_NET any -> [31.13.195.187] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.187/; sid:900607577; rev:1;) alert tcp $HOME_NET any -> [87.120.254.135] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.135/; sid:900607578; rev:1;) alert tcp $HOME_NET any -> [87.121.52.13] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.13/; sid:900607579; rev:1;) alert tcp $HOME_NET any -> [91.92.109.52] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/91.92.109.52/; sid:900607580; rev:1;) alert tcp $HOME_NET any -> [91.92.109.54] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.54/; sid:900607581; rev:1;) alert tcp $HOME_NET any -> [144.202.34.169] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.34.169/; sid:900607582; rev:1;) alert tcp $HOME_NET any -> [159.65.1.71] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.1.71/; sid:900607583; rev:1;) alert tcp $HOME_NET any -> [74.5.148.57] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.5.148.57/; sid:900607584; rev:1;) alert tcp $HOME_NET any -> [139.59.14.223] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.14.223/; sid:900607585; rev:1;) alert tcp $HOME_NET any -> [120.50.40.185] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.50.40.185/; sid:900607587; rev:1;) alert tcp $HOME_NET any -> [45.15.23.184] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/45.15.23.184/; sid:900607588; rev:1;) alert tcp $HOME_NET any -> [162.214.50.39] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.214.50.39/; sid:900607589; rev:1;) alert tcp $HOME_NET any -> [54.37.212.235] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.212.235/; sid:900607590; rev:1;) alert tcp $HOME_NET any -> [31.35.28.29] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.35.28.29/; sid:900607591; rev:1;) alert tcp $HOME_NET any -> [37.210.226.125] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.226.125/; sid:900607592; rev:1;) alert tcp $HOME_NET any -> [189.174.46.65] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.174.46.65/; sid:900607593; rev:1;) alert tcp $HOME_NET any -> [103.139.242.30] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.139.242.30/; sid:900607594; rev:1;) alert tcp $HOME_NET any -> [86.98.52.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/86.98.52.117/; sid:900607595; rev:1;) alert tcp $HOME_NET any -> [187.162.59.232] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.162.59.232/; sid:900607596; rev:1;) alert tcp $HOME_NET any -> [79.173.195.234] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.173.195.234/; sid:900607598; rev:1;) alert tcp $HOME_NET any -> [103.208.86.151] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.151/; sid:900607599; rev:1;) alert tcp $HOME_NET any -> [103.208.86.182] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.182/; sid:900607600; rev:1;) alert tcp $HOME_NET any -> [103.208.86.176] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.176/; sid:900607601; rev:1;) alert tcp $HOME_NET any -> [103.208.86.177] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.177/; sid:900607602; rev:1;) alert tcp $HOME_NET any -> [103.208.86.179] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; 
reference:url, feodotracker.abuse.ch/browse/host/103.208.86.179/; sid:900607603; rev:1;) alert tcp $HOME_NET any -> [103.208.86.148] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.148/; sid:900607604; rev:1;) alert tcp $HOME_NET any -> [139.162.113.169] 593 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.113.169/; sid:900607605; rev:1;) alert tcp $HOME_NET any -> [144.91.122.102] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.122.102/; sid:900607606; rev:1;) alert tcp $HOME_NET any -> [85.10.248.28] 593 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.10.248.28/; sid:900607607; rev:1;) alert tcp $HOME_NET any -> [185.4.135.27] 5228 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.4.135.27/; sid:900607608; rev:1;) alert tcp $HOME_NET any -> [80.211.3.13] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.211.3.13/; sid:900607609; rev:1;) alert tcp $HOME_NET any -> [103.139.242.30] 990 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/103.139.242.30/; sid:900607610; rev:1;) alert tcp $HOME_NET any -> [31.215.70.105] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.70.105/; sid:900607611; rev:1;) alert tcp $HOME_NET any -> [178.153.86.181] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.153.86.181/; sid:900607612; rev:1;) alert tcp $HOME_NET any -> [51.38.71.0] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.38.71.0/; sid:900607613; rev:1;) alert tcp $HOME_NET any -> [144.217.91.150] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.91.150/; sid:900607614; rev:1;) alert tcp $HOME_NET any -> [104.168.155.129] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.155.129/; sid:900607615; rev:1;) alert tcp $HOME_NET any -> [121.175.104.13] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.175.104.13/; sid:900607616; rev:1;) alert tcp $HOME_NET any -> [103.139.242.30] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/103.139.242.30/; sid:900607617; rev:1;) alert tcp $HOME_NET any -> [217.39.100.89] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.39.100.89/; sid:900607618; rev:1;) alert tcp $HOME_NET any -> [94.62.161.77] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.62.161.77/; sid:900607619; rev:1;) alert tcp $HOME_NET any -> [83.110.91.18] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.91.18/; sid:900607620; rev:1;) alert tcp $HOME_NET any -> [86.97.9.221] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.9.221/; sid:900607621; rev:1;) alert tcp $HOME_NET any -> [78.180.66.163] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.180.66.163/; sid:900607622; rev:1;) alert tcp $HOME_NET any -> [69.14.172.24] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.14.172.24/; sid:900607623; rev:1;) alert tcp $HOME_NET any -> [54.37.70.105] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/54.37.70.105/; sid:900607624; rev:1;) alert tcp $HOME_NET any -> [23.253.208.162] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.253.208.162/; sid:900607625; rev:1;) alert tcp $HOME_NET any -> [31.215.215.152] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.215.152/; sid:900607627; rev:1;) alert tcp $HOME_NET any -> [103.139.242.30] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.139.242.30/; sid:900607628; rev:1;) alert tcp $HOME_NET any -> [5.181.156.16] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.181.156.16/; sid:900607629; rev:1;) alert tcp $HOME_NET any -> [31.13.195.133] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.133/; sid:900607630; rev:1;) alert tcp $HOME_NET any -> [31.13.195.107] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.107/; sid:900607631; rev:1;) alert tcp $HOME_NET any -> [87.120.8.185] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/87.120.8.185/; sid:900607632; rev:1;) alert tcp $HOME_NET any -> [103.70.29.165] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.70.29.165/; sid:900607634; rev:1;) alert tcp $HOME_NET any -> [88.253.171.236] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.253.171.236/; sid:900607635; rev:1;) alert tcp $HOME_NET any -> [194.36.28.238] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.28.238/; sid:900607636; rev:1;) alert tcp $HOME_NET any -> [91.201.202.216] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.201.202.216/; sid:900607637; rev:1;) alert tcp $HOME_NET any -> [192.119.93.26] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.93.26/; sid:900607638; rev:1;) alert tcp $HOME_NET any -> [103.124.107.109] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.124.107.109/; sid:900607639; rev:1;) alert tcp $HOME_NET any -> [72.252.201.34] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/72.252.201.34/; sid:900607640; rev:1;) alert tcp $HOME_NET any -> [176.67.56.94] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.67.56.94/; sid:900607641; rev:1;) alert tcp $HOME_NET any -> [5.32.41.46] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.32.41.46/; sid:900607642; rev:1;) alert tcp $HOME_NET any -> [180.233.150.134] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.233.150.134/; sid:900607643; rev:1;) alert tcp $HOME_NET any -> [218.253.234.82] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.253.234.82/; sid:900607644; rev:1;) alert tcp $HOME_NET any -> [75.156.151.34] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.156.151.34/; sid:900607645; rev:1;) alert tcp $HOME_NET any -> [190.45.79.111] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.45.79.111/; sid:900607646; rev:1;) alert tcp $HOME_NET any -> [128.106.122.39] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/128.106.122.39/; sid:900607647; rev:1;) alert tcp $HOME_NET any -> [144.86.10.42] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.86.10.42/; sid:900607648; rev:1;) alert tcp $HOME_NET any -> [176.205.194.245] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.205.194.245/; sid:900607649; rev:1;) alert tcp $HOME_NET any -> [149.200.165.116] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.200.165.116/; sid:900607650; rev:1;) alert tcp $HOME_NET any -> [86.144.217.66] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.144.217.66/; sid:900607651; rev:1;) alert tcp $HOME_NET any -> [70.51.153.90] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.153.90/; sid:900607652; rev:1;) alert tcp $HOME_NET any -> [103.116.178.85] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.116.178.85/; sid:900607654; rev:1;) alert tcp $HOME_NET any -> [176.205.209.183] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/176.205.209.183/; sid:900607655; rev:1;) alert tcp $HOME_NET any -> [91.121.146.47] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.121.146.47/; sid:900607656; rev:1;) alert tcp $HOME_NET any -> [103.70.29.126] 593 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.70.29.126/; sid:900607657; rev:1;) alert tcp $HOME_NET any -> [103.9.36.172] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.9.36.172/; sid:900607658; rev:1;) alert tcp $HOME_NET any -> [103.139.242.30] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.139.242.30/; sid:900607659; rev:1;) alert tcp $HOME_NET any -> [46.101.175.170] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.175.170/; sid:900607660; rev:1;) alert tcp $HOME_NET any -> [72.66.116.235] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.66.116.235/; sid:900607661; rev:1;) alert tcp $HOME_NET any -> [139.99.30.176] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/139.99.30.176/; sid:900607665; rev:1;) alert tcp $HOME_NET any -> [82.98.180.154] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.98.180.154/; sid:900607666; rev:1;) alert tcp $HOME_NET any -> [103.208.86.228] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.228/; sid:900607667; rev:1;) alert tcp $HOME_NET any -> [103.208.86.233] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.233/; sid:900607668; rev:1;) alert tcp $HOME_NET any -> [209.59.138.75] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.59.138.75/; sid:900607669; rev:1;) alert tcp $HOME_NET any -> [131.100.24.231] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.231/; sid:900607670; rev:1;) alert tcp $HOME_NET any -> [45.138.98.34] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.138.98.34/; sid:900607673; rev:1;) alert tcp $HOME_NET any -> [69.16.218.101] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/69.16.218.101/; sid:900607674; rev:1;) alert tcp $HOME_NET any -> [5.181.80.108] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.181.80.108/; sid:900607675; rev:1;) alert tcp $HOME_NET any -> [94.140.115.3] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.140.115.3/; sid:900607676; rev:1;) alert tcp $HOME_NET any -> [45.15.131.126] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.15.131.126/; sid:900607677; rev:1;) alert tcp $HOME_NET any -> [193.169.86.84] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.169.86.84/; sid:900607679; rev:1;) alert tcp $HOME_NET any -> [45.41.204.150] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.41.204.150/; sid:900607680; rev:1;) alert tcp $HOME_NET any -> [148.163.42.203] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.163.42.203/; sid:900607681; rev:1;) alert tcp $HOME_NET any -> [185.163.45.132] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; 
reference:url, feodotracker.abuse.ch/browse/host/185.163.45.132/; sid:900607683; rev:1;) alert tcp $HOME_NET any -> [87.121.52.231] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.231/; sid:900607685; rev:1;) alert tcp $HOME_NET any -> [200.75.131.234] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.75.131.234/; sid:900607686; rev:1;) alert tcp $HOME_NET any -> [144.217.88.125] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.88.125/; sid:900607687; rev:1;) alert tcp $HOME_NET any -> [5.39.63.103] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.39.63.103/; sid:900607690; rev:1;) alert tcp $HOME_NET any -> [5.181.80.177] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.181.80.177/; sid:900607691; rev:1;) alert tcp $HOME_NET any -> [80.71.158.22] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.71.158.22/; sid:900607692; rev:1;) alert tcp $HOME_NET any -> [94.140.113.53] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; 
reference:url, feodotracker.abuse.ch/browse/host/94.140.113.53/; sid:900607693; rev:1;) alert tcp $HOME_NET any -> [23.160.193.119] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.193.119/; sid:900607694; rev:1;) alert tcp $HOME_NET any -> [144.217.50.242] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.50.242/; sid:900607695; rev:1;) alert tcp $HOME_NET any -> [142.11.237.178] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.237.178/; sid:900607697; rev:1;) alert tcp $HOME_NET any -> [23.160.193.190] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.193.190/; sid:900607698; rev:1;) alert tcp $HOME_NET any -> [23.160.193.221] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.193.221/; sid:900607699; rev:1;) alert tcp $HOME_NET any -> [80.71.158.106] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.71.158.106/; sid:900607700; rev:1;) alert tcp $HOME_NET any -> [148.163.42.213] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.163.42.213/; sid:900607701; rev:1;) alert tcp $HOME_NET any -> [162.55.32.153] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.55.32.153/; sid:900607702; rev:1;) alert tcp $HOME_NET any -> [185.99.132.121] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.132.121/; sid:900607703; rev:1;) alert tcp $HOME_NET any -> [185.183.96.244] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.96.244/; sid:900607704; rev:1;) alert tcp $HOME_NET any -> [188.127.235.177] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.127.235.177/; sid:900607705; rev:1;) alert tcp $HOME_NET any -> [194.15.113.155] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.15.113.155/; sid:900607706; rev:1;) alert tcp $HOME_NET any -> [104.143.94.101] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.143.94.101/; sid:900607707; rev:1;) alert tcp $HOME_NET any -> [103.208.86.245] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, 
seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.245/; sid:900607708; rev:1;) alert tcp $HOME_NET any -> [37.203.225.248] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.203.225.248/; sid:900607709; rev:1;) alert tcp $HOME_NET any -> [32.221.231.1] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.221.231.1/; sid:900607710; rev:1;) alert tcp $HOME_NET any -> [83.110.2.97] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.2.97/; sid:900607711; rev:1;) alert tcp $HOME_NET any -> [86.98.32.228] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.32.228/; sid:900607712; rev:1;) alert tcp $HOME_NET any -> [130.164.129.3] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.164.129.3/; sid:900607713; rev:1;) alert tcp $HOME_NET any -> [31.167.160.170] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.167.160.170/; sid:900607714; rev:1;) alert tcp $HOME_NET any -> [75.139.7.190] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.139.7.190/; sid:900607715; rev:1;) alert tcp $HOME_NET any -> [89.114.156.182] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.114.156.182/; sid:900607716; rev:1;) alert tcp $HOME_NET any -> [86.98.47.119] 61200 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.47.119/; sid:900607717; rev:1;) alert tcp $HOME_NET any -> [185.249.85.209] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.249.85.209/; sid:900607718; rev:1;) alert tcp $HOME_NET any -> [94.59.253.222] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.253.222/; sid:900607719; rev:1;) alert tcp $HOME_NET any -> [78.101.147.76] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.147.76/; sid:900607720; rev:1;) alert tcp $HOME_NET any -> [37.210.172.200] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.172.200/; sid:900607721; rev:1;) alert tcp $HOME_NET any -> [31.215.99.178] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.99.178/; sid:900607722; rev:1;) alert tcp $HOME_NET any -> [39.49.110.129] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.110.129/; sid:900607723; rev:1;) alert tcp $HOME_NET any -> [86.97.246.244] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.246.244/; sid:900607724; rev:1;) alert tcp $HOME_NET any -> [86.97.246.244] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.246.244/; sid:900607725; rev:1;) alert tcp $HOME_NET any -> [70.51.153.245] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.153.245/; sid:900607726; rev:1;) alert tcp $HOME_NET any -> [70.45.174.173] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.45.174.173/; sid:900607727; rev:1;) alert tcp $HOME_NET any -> [31.215.69.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.69.82/; sid:900607728; rev:1;) alert tcp $HOME_NET any -> [45.80.148.200] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; 
reference:url, feodotracker.abuse.ch/browse/host/45.80.148.200/; sid:900607729; rev:1;) alert tcp $HOME_NET any -> [80.211.3.13] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.211.3.13/; sid:900607730; rev:1;) alert tcp $HOME_NET any -> [162.243.175.63] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.243.175.63/; sid:900607731; rev:1;) alert tcp $HOME_NET any -> [78.87.44.54] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.87.44.54/; sid:900607732; rev:1;) alert tcp $HOME_NET any -> [220.255.25.1] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.255.25.1/; sid:900607734; rev:1;) alert tcp $HOME_NET any -> [60.54.102.15] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.54.102.15/; sid:900607735; rev:1;) alert tcp $HOME_NET any -> [144.86.28.125] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.86.28.125/; sid:900607736; rev:1;) alert tcp $HOME_NET any -> [197.89.105.165] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/197.89.105.165/; sid:900607737; rev:1;) alert tcp $HOME_NET any -> [92.99.167.144] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.99.167.144/; sid:900607738; rev:1;) alert tcp $HOME_NET any -> [186.64.87.207] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.87.207/; sid:900607739; rev:1;) alert tcp $HOME_NET any -> [27.5.4.194] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.5.4.194/; sid:900607740; rev:1;) alert tcp $HOME_NET any -> [51.77.82.125] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.82.125/; sid:900607741; rev:1;) alert tcp $HOME_NET any -> [69.197.160.180] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.197.160.180/; sid:900607742; rev:1;) alert tcp $HOME_NET any -> [217.128.171.34] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.128.171.34/; sid:900607743; rev:1;) alert tcp $HOME_NET any -> [31.215.68.214] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/31.215.68.214/; sid:900607744; rev:1;) alert tcp $HOME_NET any -> [75.139.6.238] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.139.6.238/; sid:900607745; rev:1;) alert tcp $HOME_NET any -> [129.208.24.13] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.24.13/; sid:900607746; rev:1;) alert tcp $HOME_NET any -> [89.211.212.28] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.212.28/; sid:900607747; rev:1;) alert tcp $HOME_NET any -> [37.210.224.4] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.224.4/; sid:900607748; rev:1;) alert tcp $HOME_NET any -> [39.49.49.175] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.49.175/; sid:900607749; rev:1;) alert tcp $HOME_NET any -> [70.50.147.95] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.50.147.95/; sid:900607750; rev:1;) alert tcp $HOME_NET any -> [41.226.30.6] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/41.226.30.6/; sid:900607751; rev:1;) alert tcp $HOME_NET any -> [162.243.16.232] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.243.16.232/; sid:900607752; rev:1;) alert tcp $HOME_NET any -> [104.236.168.190] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.168.190/; sid:900607753; rev:1;) alert tcp $HOME_NET any -> [210.2.86.96] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.2.86.96/; sid:900607754; rev:1;) alert tcp $HOME_NET any -> [190.206.211.182] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.206.211.182/; sid:900607755; rev:1;) alert tcp $HOME_NET any -> [78.96.235.245] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.96.235.245/; sid:900607756; rev:1;) alert tcp $HOME_NET any -> [185.244.166.137] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.166.137/; sid:900607757; rev:1;) alert tcp $HOME_NET any -> [85.25.120.45] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/85.25.120.45/; sid:900607758; rev:1;) alert tcp $HOME_NET any -> [185.168.130.138] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.168.130.138/; sid:900607759; rev:1;) alert tcp $HOME_NET any -> [59.148.253.194] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.148.253.194/; sid:900607760; rev:1;) alert tcp $HOME_NET any -> [203.153.216.46] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.153.216.46/; sid:900607761; rev:1;) alert tcp $HOME_NET any -> [75.168.192.223] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.168.192.223/; sid:900607762; rev:1;) alert tcp $HOME_NET any -> [113.28.253.9] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.28.253.9/; sid:900607763; rev:1;) alert tcp $HOME_NET any -> [73.59.201.174] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.59.201.174/; sid:900607764; rev:1;) alert tcp $HOME_NET any -> [39.44.254.218] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/39.44.254.218/; sid:900607765; rev:1;) alert tcp $HOME_NET any -> [5.181.156.53] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.181.156.53/; sid:900607766; rev:1;) alert tcp $HOME_NET any -> [87.120.37.114] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.37.114/; sid:900607767; rev:1;) alert tcp $HOME_NET any -> [94.140.115.130] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.140.115.130/; sid:900607768; rev:1;) alert tcp $HOME_NET any -> [103.114.163.175] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.114.163.175/; sid:900607769; rev:1;) alert tcp $HOME_NET any -> [165.227.114.118] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.114.118/; sid:900607770; rev:1;) alert tcp $HOME_NET any -> [87.106.97.83] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.97.83/; sid:900607771; rev:1;) alert tcp $HOME_NET any -> [80.71.158.109] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/80.71.158.109/; sid:900607772; rev:1;) alert tcp $HOME_NET any -> [89.32.148.223] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.148.223/; sid:900607773; rev:1;) alert tcp $HOME_NET any -> [188.40.137.206] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.40.137.206/; sid:900607774; rev:1;) alert tcp $HOME_NET any -> [159.69.43.124] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.69.43.124/; sid:900607775; rev:1;) alert tcp $HOME_NET any -> [45.79.80.198] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.80.198/; sid:900607776; rev:1;) alert tcp $HOME_NET any -> [45.13.132.26] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.13.132.26/; sid:900607777; rev:1;) alert tcp $HOME_NET any -> [23.160.193.16] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.193.16/; sid:900607778; rev:1;) alert tcp $HOME_NET any -> [23.160.193.12] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/23.160.193.12/; sid:900607779; rev:1;) alert tcp $HOME_NET any -> [23.160.193.38] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.193.38/; sid:900607780; rev:1;) alert tcp $HOME_NET any -> [185.99.132.109] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.132.109/; sid:900607782; rev:1;) alert tcp $HOME_NET any -> [51.15.4.22] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.15.4.22/; sid:900607783; rev:1;) alert tcp $HOME_NET any -> [173.214.173.220] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.214.173.220/; sid:900607784; rev:1;) alert tcp $HOME_NET any -> [185.157.82.209] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.157.82.209/; sid:900607785; rev:1;) alert tcp $HOME_NET any -> [94.158.245.232] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.158.245.232/; sid:900607786; rev:1;) alert tcp $HOME_NET any -> [72.252.201.34] 990 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/72.252.201.34/; sid:900607787; rev:1;) alert tcp $HOME_NET any -> [46.101.126.21] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.126.21/; sid:900607788; rev:1;) alert tcp $HOME_NET any -> [217.61.108.175] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.61.108.175/; sid:900607789; rev:1;) alert tcp $HOME_NET any -> [74.63.218.139] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.63.218.139/; sid:900607790; rev:1;) alert tcp $HOME_NET any -> [181.57.137.115] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.57.137.115/; sid:900607791; rev:1;) alert tcp $HOME_NET any -> [62.141.45.103] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.141.45.103/; sid:900607792; rev:1;) alert tcp $HOME_NET any -> [159.65.163.220] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.163.220/; sid:900607793; rev:1;) alert tcp $HOME_NET any -> [162.144.76.184] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/162.144.76.184/; sid:900607794; rev:1;) alert tcp $HOME_NET any -> [128.199.93.156] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.93.156/; sid:900607795; rev:1;) alert tcp $HOME_NET any -> [160.16.102.168] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.16.102.168/; sid:900607796; rev:1;) alert tcp $HOME_NET any -> [159.89.230.105] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.89.230.105/; sid:900607797; rev:1;) alert tcp $HOME_NET any -> [198.199.98.78] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.98.78/; sid:900607798; rev:1;) alert tcp $HOME_NET any -> [139.196.72.155] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.196.72.155/; sid:900607799; rev:1;) alert tcp $HOME_NET any -> [74.207.230.120] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.207.230.120/; sid:900607800; rev:1;) alert tcp $HOME_NET any -> [72.249.22.245] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/72.249.22.245/; sid:900607801; rev:1;)
# Feodo Tracker rules for Emotet, QakBot and BazarLoader C2 endpoints.
# Each rule matches on destination IP and TCP port only; there is no content, TLS or
# protocol match, so treat a hit as a lead and corroborate it with host or proxy
# telemetry before escalating.
alert tcp $HOME_NET any -> [51.68.138.110] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.138.110/; sid:900607802; rev:1;)
alert tcp $HOME_NET any -> [73.136.32.202] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.136.32.202/; sid:900607803; rev:1;)
alert tcp $HOME_NET any -> [5.39.63.98] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.39.63.98/; sid:900607804; rev:1;)
alert tcp $HOME_NET any -> [45.14.226.23] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.14.226.23/; sid:900607805; rev:1;)
alert tcp $HOME_NET any -> [144.217.50.254] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.50.254/; sid:900607806; rev:1;)
alert tcp $HOME_NET any -> [146.19.253.90] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.253.90/; sid:900607807; rev:1;)
alert tcp $HOME_NET any -> [185.163.45.201] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.163.45.201/; sid:900607808; rev:1;)
alert tcp $HOME_NET any -> [185.163.45.173] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.163.45.173/; sid:900607809; rev:1;)
alert tcp $HOME_NET any -> [194.40.243.33] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.40.243.33/; sid:900607810; rev:1;)
alert tcp $HOME_NET any -> [194.38.20.33] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.38.20.33/; sid:900607811; rev:1;)
alert tcp $HOME_NET any -> [194.180.174.138] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.180.174.138/; sid:900607812; rev:1;)
alert tcp $HOME_NET any -> [138.197.64.211] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.64.211/; sid:900607813; rev:1;)
alert tcp $HOME_NET any -> [177.39.156.177] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.39.156.177/; sid:900607814; rev:1;)
alert tcp $HOME_NET any -> [144.76.186.49] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.76.186.49/; sid:900607817; rev:1;)
alert tcp $HOME_NET any -> [69.64.62.4] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.64.62.4/; sid:900607818; rev:1;)
alert tcp $HOME_NET any -> [173.203.78.138] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.203.78.138/; sid:900607819; rev:1;)
alert tcp $HOME_NET any -> [37.186.54.18] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.186.54.18/; sid:900607820; rev:1;)
alert tcp $HOME_NET any -> [186.64.87.224] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.87.224/; sid:900607821; rev:1;)
alert tcp $HOME_NET any -> [76.23.237.163] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.23.237.163/; sid:900607822; rev:1;)
alert tcp $HOME_NET any -> [193.251.59.245] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.251.59.245/; sid:900607823; rev:1;)
alert tcp $HOME_NET any -> [89.211.184.52] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/89.211.184.52/; sid:900607824; rev:1;)
# threshold: type limit, track by_src, seconds 60, count 1 -> each rule raises at most one
# alert per source address per 60 seconds. Alert counts therefore understate how often a
# host contacted the address; use flow records to measure beaconing volume.
alert tcp $HOME_NET any -> [129.208.150.26] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.150.26/; sid:900607825; rev:1;)
alert tcp $HOME_NET any -> [70.51.152.153] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.152.153/; sid:900607826; rev:1;)
alert tcp $HOME_NET any -> [78.171.227.181] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.171.227.181/; sid:900607827; rev:1;)
alert tcp $HOME_NET any -> [130.164.164.12] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.164.164.12/; sid:900607828; rev:1;)
alert tcp $HOME_NET any -> [83.110.218.201] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.218.201/; sid:900607829; rev:1;)
alert tcp $HOME_NET any -> [86.98.157.250] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.157.250/; sid:900607830; rev:1;)
alert tcp $HOME_NET any -> [217.164.119.78] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.119.78/; sid:900607831; rev:1;)
alert tcp $HOME_NET any -> [31.215.98.47] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.98.47/; sid:900607832; rev:1;)
alert tcp $HOME_NET any -> [83.110.3.0] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.3.0/; sid:900607833; rev:1;)
alert tcp $HOME_NET any -> [197.89.21.45] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.21.45/; sid:900607834; rev:1;)
alert tcp $HOME_NET any -> [39.49.13.108] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.13.108/; sid:900607835; rev:1;)
alert tcp $HOME_NET any -> [184.100.174.73] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.100.174.73/; sid:900607836; rev:1;)
alert tcp $HOME_NET any -> [94.249.93.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.249.93.70/; sid:900607837; rev:1;)
alert tcp $HOME_NET any -> [41.230.62.211] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.230.62.211/; sid:900607838; rev:1;)
alert tcp $HOME_NET any -> [45.89.127.63] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.89.127.63/; sid:900607842; rev:1;)
alert tcp $HOME_NET any -> [80.71.158.110] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.71.158.110/; sid:900607843; rev:1;)
alert tcp $HOME_NET any -> [185.38.185.13] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.38.185.13/; sid:900607844; rev:1;)
alert tcp $HOME_NET any -> [45.41.204.137] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.41.204.137/; sid:900607845; rev:1;)
alert tcp $HOME_NET any -> [23.160.193.24] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.193.24/; sid:900607846; rev:1;)
alert tcp $HOME_NET any -> [5.2.78.37] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.78.37/; sid:900607847; rev:1;)
alert tcp $HOME_NET any -> [45.12.90.144] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/45.12.90.144/; sid:900607848; rev:1;)
# Many destinations in this group are on ports 80, 443 or 8080. The rules do not inspect
# the payload, so any TCP traffic from $HOME_NET to a listed address and port matches,
# including traffic to unrelated content served from the same address.
alert tcp $HOME_NET any -> [45.184.36.10] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.184.36.10/; sid:900607849; rev:1;)
alert tcp $HOME_NET any -> [103.75.201.4] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.75.201.4/; sid:900607851; rev:1;)
alert tcp $HOME_NET any -> [149.202.179.100] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.202.179.100/; sid:900607852; rev:1;)
alert tcp $HOME_NET any -> [86.216.251.231] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.216.251.231/; sid:900607853; rev:1;)
alert tcp $HOME_NET any -> [161.142.48.132] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.48.132/; sid:900607854; rev:1;)
alert tcp $HOME_NET any -> [89.86.33.217] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.86.33.217/; sid:900607855; rev:1;)
alert tcp $HOME_NET any -> [103.82.248.59] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.82.248.59/; sid:900607856; rev:1;)
alert tcp $HOME_NET any -> [180.250.21.2] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.250.21.2/; sid:900607857; rev:1;)
alert tcp $HOME_NET any -> [142.93.76.76] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.76.76/; sid:900607858; rev:1;)
alert tcp $HOME_NET any -> [43.229.206.214] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.229.206.214/; sid:900607859; rev:1;)
alert tcp $HOME_NET any -> [45.71.195.120] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.71.195.120/; sid:900607860; rev:1;)
alert tcp $HOME_NET any -> [149.56.163.161] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.56.163.161/; sid:900607861; rev:1;)
alert tcp $HOME_NET any -> [23.246.204.126] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.246.204.126/; sid:900607862; rev:1;)
alert tcp $HOME_NET any -> [212.237.5.209] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.237.5.209/; sid:900607863; rev:1;)
alert tcp $HOME_NET any -> [185.184.25.78] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.184.25.78/; sid:900607864; rev:1;)
alert tcp $HOME_NET any -> [54.37.106.167] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.106.167/; sid:900607865; rev:1;)
alert tcp $HOME_NET any -> [172.105.115.71] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.115.71/; sid:900607866; rev:1;)
alert tcp $HOME_NET any -> [104.251.214.46] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.251.214.46/; sid:900607867; rev:1;)
alert tcp $HOME_NET any -> [192.254.71.210] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.254.71.210/; sid:900607868; rev:1;)
alert tcp $HOME_NET any -> [144.76.186.55] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.76.186.55/; sid:900607869; rev:1;)
alert tcp $HOME_NET any -> [192.95.56.148] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/192.95.56.148/; sid:900607870; rev:1;)
# None of these rules carries a flow keyword, so they are not limited to established
# sessions: an alert can reflect a connection attempt that never completed. Check firewall
# or flow logs for whether the session was established before treating the host as compromised.
alert tcp $HOME_NET any -> [178.128.83.165] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.83.165/; sid:900607871; rev:1;)
alert tcp $HOME_NET any -> [93.104.208.37] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.104.208.37/; sid:900607872; rev:1;)
alert tcp $HOME_NET any -> [174.136.15.27] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.136.15.27/; sid:900607873; rev:1;)
alert tcp $HOME_NET any -> [185.122.58.89] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.122.58.89/; sid:900607874; rev:1;)
alert tcp $HOME_NET any -> [94.140.114.254] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.140.114.254/; sid:900607876; rev:1;)
alert tcp $HOME_NET any -> [139.28.235.26] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.28.235.26/; sid:900607879; rev:1;)
alert tcp $HOME_NET any -> [45.79.173.200] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.173.200/; sid:900607882; rev:1;)
alert tcp $HOME_NET any -> [54.36.98.59] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.36.98.59/; sid:900607883; rev:1;)
alert tcp $HOME_NET any -> [67.205.162.68] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.205.162.68/; sid:900607884; rev:1;)
alert tcp $HOME_NET any -> [109.230.199.106] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.230.199.106/; sid:900607885; rev:1;)
alert tcp $HOME_NET any -> [194.76.227.89] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.76.227.89/; sid:900607886; rev:1;)
alert tcp $HOME_NET any -> [73.67.152.98] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.67.152.98/; sid:900607887; rev:1;)
alert tcp $HOME_NET any -> [45.41.204.156] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.41.204.156/; sid:900607888; rev:1;)
alert tcp $HOME_NET any -> [194.38.20.12] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.38.20.12/; sid:900607889; rev:1;)
alert tcp $HOME_NET any -> [185.158.251.101] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.158.251.101/; sid:900607890; rev:1;)
alert tcp $HOME_NET any -> [80.71.158.42] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.71.158.42/; sid:900607892; rev:1;)
alert tcp $HOME_NET any -> [8.9.11.48] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.9.11.48/; sid:900607893; rev:1;)
alert tcp $HOME_NET any -> [103.42.57.17] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.42.57.17/; sid:900607894; rev:1;)
alert tcp $HOME_NET any -> [92.177.45.46] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.177.45.46/; sid:900607895; rev:1;)
alert tcp $HOME_NET any -> [185.248.140.40] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.248.140.40/; sid:900607896; rev:1;)
alert tcp $HOME_NET any -> [198.252.108.16] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/198.252.108.16/; sid:900607897; rev:1;)
# The file header labels this the "Aggresive" ruleset and gives one "Last updated" timestamp
# for the whole file; the rules themselves carry no first-seen or last-seen date. Addresses
# get reassigned, so check an entry's current status at the rule's reference URL before
# blocking or escalating on a hit.
alert tcp $HOME_NET any -> [75.169.58.229] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.169.58.229/; sid:900607898; rev:1;)
alert tcp $HOME_NET any -> [192.119.162.97] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.162.97/; sid:900607899; rev:1;)
alert tcp $HOME_NET any -> [23.160.193.223] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.193.223/; sid:900607900; rev:1;)
alert tcp $HOME_NET any -> [45.41.204.158] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.41.204.158/; sid:900607901; rev:1;)
alert tcp $HOME_NET any -> [198.199.126.144] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.126.144/; sid:900607902; rev:1;)
alert tcp $HOME_NET any -> [207.38.84.195] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.38.84.195/; sid:900607904; rev:1;)
alert tcp $HOME_NET any -> [31.215.29.238] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.29.238/; sid:900607905; rev:1;)
alert tcp $HOME_NET any -> [23.82.128.108] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.82.128.108/; sid:900607906; rev:1;)
alert tcp $HOME_NET any -> [103.134.85.85] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.134.85.85/; sid:900607907; rev:1;)
alert tcp $HOME_NET any -> [194.76.227.98] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.76.227.98/; sid:900607909; rev:1;)
alert tcp $HOME_NET any -> [103.208.86.235] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.235/; sid:900607910; rev:1;)
alert tcp $HOME_NET any -> [103.208.86.205] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.205/; sid:900607911; rev:1;)
alert tcp $HOME_NET any -> [103.208.86.211] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.211/; sid:900607912; rev:1;)
alert tcp $HOME_NET any -> [103.208.86.234] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.234/; sid:900607913; rev:1;)
alert tcp $HOME_NET any -> [103.208.86.112] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.112/; sid:900607914; rev:1;)
alert tcp $HOME_NET any -> [5.2.70.80] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.70.80/; sid:900607915; rev:1;)
alert tcp $HOME_NET any -> [64.231.96.211] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.231.96.211/; sid:900607917; rev:1;)
alert tcp $HOME_NET any -> [75.67.73.144] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.67.73.144/; sid:900607918; rev:1;)
alert tcp $HOME_NET any -> [37.211.176.26] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.211.176.26/; sid:900607919; rev:1;)
alert tcp $HOME_NET any -> [2.50.41.69] 61200 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.41.69/; sid:900607920; rev:1;)
alert tcp $HOME_NET any -> [37.210.157.12] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/37.210.157.12/; sid:900607921; rev:1;)
# One address can appear under several sids with different ports (31.215.116.182 is listed
# below on ports 2222 and 1194), so group alerts by destination address rather than by sid
# when triaging.
alert tcp $HOME_NET any -> [217.164.115.166] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.115.166/; sid:900607922; rev:1;)
alert tcp $HOME_NET any -> [78.87.41.5] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.87.41.5/; sid:900607923; rev:1;)
alert tcp $HOME_NET any -> [70.51.137.204] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.137.204/; sid:900607924; rev:1;)
alert tcp $HOME_NET any -> [100.1.108.246] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.1.108.246/; sid:900607925; rev:1;)
alert tcp $HOME_NET any -> [70.45.27.254] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.45.27.254/; sid:900607926; rev:1;)
alert tcp $HOME_NET any -> [181.118.183.28] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.28/; sid:900607927; rev:1;)
alert tcp $HOME_NET any -> [39.44.150.120] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.150.120/; sid:900607928; rev:1;)
alert tcp $HOME_NET any -> [103.17.101.139] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.17.101.139/; sid:900607929; rev:1;)
alert tcp $HOME_NET any -> [45.128.149.42] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.128.149.42/; sid:900607930; rev:1;)
alert tcp $HOME_NET any -> [194.40.243.169] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.40.243.169/; sid:900607931; rev:1;)
alert tcp $HOME_NET any -> [185.202.173.150] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.202.173.150/; sid:900607932; rev:1;)
alert tcp $HOME_NET any -> [139.64.13.189] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.64.13.189/; sid:900607933; rev:1;)
alert tcp $HOME_NET any -> [31.215.116.182] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.116.182/; sid:900607934; rev:1;)
alert tcp $HOME_NET any -> [86.98.156.45] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.156.45/; sid:900607935; rev:1;)
alert tcp $HOME_NET any -> [212.34.15.205] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.34.15.205/; sid:900607936; rev:1;)
alert tcp $HOME_NET any -> [31.215.206.13] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.206.13/; sid:900607938; rev:1;)
alert tcp $HOME_NET any -> [31.215.116.182] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.116.182/; sid:900607939; rev:1;)
alert tcp $HOME_NET any -> [66.230.104.103] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.230.104.103/; sid:900607940; rev:1;)
alert tcp $HOME_NET any -> [39.49.5.42] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.5.42/; sid:900607941; rev:1;)
alert tcp $HOME_NET any -> [161.142.54.62] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.54.62/; sid:900607942; rev:1;)
alert tcp $HOME_NET any -> [86.198.170.170] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/86.198.170.170/; sid:900607943; rev:1;)
# The source side of every rule is $HOME_NET, so coverage depends on that variable
# containing every internal range the sensor sees; traffic from a network outside it
# will not match.
alert tcp $HOME_NET any -> [175.137.153.178] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.137.153.178/; sid:900607944; rev:1;)
alert tcp $HOME_NET any -> [1.161.88.84] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.88.84/; sid:900607945; rev:1;)
alert tcp $HOME_NET any -> [95.14.104.242] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.14.104.242/; sid:900607946; rev:1;)
alert tcp $HOME_NET any -> [86.98.156.24] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.156.24/; sid:900607947; rev:1;)
alert tcp $HOME_NET any -> [86.98.49.16] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.49.16/; sid:900607948; rev:1;)
alert tcp $HOME_NET any -> [197.89.20.13] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.20.13/; sid:900607949; rev:1;)
alert tcp $HOME_NET any -> [1.161.88.84] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.88.84/; sid:900607950; rev:1;)
alert tcp $HOME_NET any -> [188.55.243.70] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.55.243.70/; sid:900607951; rev:1;)
alert tcp $HOME_NET any -> [217.128.122.65] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.128.122.65/; sid:900607952; rev:1;)
alert tcp $HOME_NET any -> [86.97.247.79] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.247.79/; sid:900607953; rev:1;)
alert tcp $HOME_NET any -> [86.97.247.79] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.247.79/; sid:900607954; rev:1;)
alert tcp $HOME_NET any -> [75.99.168.194] 61201 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.99.168.194/; sid:900607955; rev:1;)
alert tcp $HOME_NET any -> [47.180.172.159] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.180.172.159/; sid:900607956; rev:1;)
alert tcp $HOME_NET any -> [89.211.191.219] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.191.219/; sid:900607957; rev:1;)
alert tcp $HOME_NET any -> [39.49.125.85] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.125.85/; sid:900607958; rev:1;)
alert tcp $HOME_NET any -> [47.180.172.159] 50010 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.180.172.159/; sid:900607959; rev:1;)
alert tcp $HOME_NET any -> [196.206.66.89] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.206.66.89/; sid:900607960; rev:1;)
alert tcp $HOME_NET any -> [75.99.168.194] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.99.168.194/; sid:900607961; rev:1;)
alert tcp $HOME_NET any -> [206.217.0.154] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.217.0.154/; sid:900607962; rev:1;)
alert tcp $HOME_NET any -> [184.149.30.83] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.149.30.83/; sid:900607963; rev:1;)
alert tcp $HOME_NET any -> [105.184.116.32] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/105.184.116.32/; sid:900607964; rev:1;) alert tcp $HOME_NET any -> [208.107.221.224] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.107.221.224/; sid:900607965; rev:1;) alert tcp $HOME_NET any -> [189.146.51.56] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.51.56/; sid:900607966; rev:1;) alert tcp $HOME_NET any -> [45.241.208.225] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.208.225/; sid:900607967; rev:1;) alert tcp $HOME_NET any -> [197.92.132.79] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.92.132.79/; sid:900607968; rev:1;) alert tcp $HOME_NET any -> [102.47.31.216] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.47.31.216/; sid:900607969; rev:1;) alert tcp $HOME_NET any -> [186.64.87.194] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.87.194/; sid:900607970; rev:1;) alert tcp $HOME_NET any -> [173.174.216.62] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/173.174.216.62/; sid:900607971; rev:1;) alert tcp $HOME_NET any -> [173.220.98.101] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.220.98.101/; sid:900607972; rev:1;) alert tcp $HOME_NET any -> [89.211.179.202] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.179.202/; sid:900607973; rev:1;) alert tcp $HOME_NET any -> [176.45.252.83] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.45.252.83/; sid:900607974; rev:1;) alert tcp $HOME_NET any -> [200.104.16.99] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.104.16.99/; sid:900607975; rev:1;) alert tcp $HOME_NET any -> [177.204.115.148] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.204.115.148/; sid:900607976; rev:1;) alert tcp $HOME_NET any -> [86.98.11.110] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.11.110/; sid:900607977; rev:1;) alert tcp $HOME_NET any -> [78.101.202.183] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/78.101.202.183/; sid:900607978; rev:1;) alert tcp $HOME_NET any -> [82.41.63.217] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.41.63.217/; sid:900607979; rev:1;) alert tcp $HOME_NET any -> [180.183.99.37] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.183.99.37/; sid:900607980; rev:1;) alert tcp $HOME_NET any -> [119.158.116.122] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.158.116.122/; sid:900607981; rev:1;) alert tcp $HOME_NET any -> [116.72.55.13] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.72.55.13/; sid:900607982; rev:1;) alert tcp $HOME_NET any -> [217.164.117.243] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.117.243/; sid:900607983; rev:1;) alert tcp $HOME_NET any -> [217.164.117.243] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.117.243/; sid:900607984; rev:1;) alert tcp $HOME_NET any -> [5.2.67.108] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/5.2.67.108/; sid:900607985; rev:1;) alert tcp $HOME_NET any -> [80.92.204.176] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.92.204.176/; sid:900607986; rev:1;) alert tcp $HOME_NET any -> [137.74.104.103] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.74.104.103/; sid:900607987; rev:1;) alert tcp $HOME_NET any -> [217.165.146.122] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.146.122/; sid:900607988; rev:1;) alert tcp $HOME_NET any -> [103.87.95.131] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.87.95.131/; sid:900607989; rev:1;) alert tcp $HOME_NET any -> [144.202.2.175] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.2.175/; sid:900607990; rev:1;) alert tcp $HOME_NET any -> [161.142.53.137] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.53.137/; sid:900607991; rev:1;) alert tcp $HOME_NET any -> [78.101.82.120] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/78.101.82.120/; sid:900607992; rev:1;) alert tcp $HOME_NET any -> [144.202.2.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.2.175/; sid:900607993; rev:1;) alert tcp $HOME_NET any -> [78.101.202.183] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.202.183/; sid:900607994; rev:1;) alert tcp $HOME_NET any -> [47.23.89.60] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.89.60/; sid:900607995; rev:1;) alert tcp $HOME_NET any -> [197.165.161.159] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.165.161.159/; sid:900607996; rev:1;) alert tcp $HOME_NET any -> [37.211.189.48] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.211.189.48/; sid:900607997; rev:1;) alert tcp $HOME_NET any -> [41.232.210.78] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.232.210.78/; sid:900607998; rev:1;) alert tcp $HOME_NET any -> [61.7.231.229] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/61.7.231.229/; sid:900607999; rev:1;)
# Deployment notes for destination-IP rules such as these:
# - The match is on the TCP destination address. Where clients reach the
#   Internet through an explicit forward proxy, a sensor placed between the
#   clients and the proxy sees the proxy as destination and these rules stay
#   silent; search the proxy logs for the same addresses in that case.
# - "track by_src" keys the 60-second limit on the source address. If the
#   sensor sees traffic after NAT, several hosts share one source and only
#   the first connection in each window is reported.
# - $HOME_NET must cover the monitored client ranges, otherwise the rule
#   header never matches.
# - The msg names a malware family, but nothing in the rule inspects the
#   payload; the label comes from the list entry, not from observed traffic.
alert tcp $HOME_NET any -> [61.7.231.226] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.7.231.226/; sid:900608000; rev:1;)
alert tcp $HOME_NET any -> [50.30.40.196] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.30.40.196/; sid:900608001; rev:1;)
alert tcp $HOME_NET any -> [175.107.196.192] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.107.196.192/; sid:900608002; rev:1;)
alert tcp $HOME_NET any -> [156.67.219.84] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.67.219.84/; sid:900608003; rev:1;)
alert tcp $HOME_NET any -> [124.41.193.166] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.41.193.166/; sid:900608004; rev:1;)
alert tcp $HOME_NET any -> [116.74.71.73] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.74.71.73/; sid:900608005; rev:1;)
alert tcp $HOME_NET any -> [188.50.250.205] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/188.50.250.205/; sid:900608006; rev:1;) alert tcp $HOME_NET any -> [190.189.33.6] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.189.33.6/; sid:900608007; rev:1;) alert tcp $HOME_NET any -> [79.143.181.160] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.143.181.160/; sid:900608008; rev:1;) alert tcp $HOME_NET any -> [134.209.156.68] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.156.68/; sid:900608009; rev:1;) alert tcp $HOME_NET any -> [103.96.220.147] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.96.220.147/; sid:900608010; rev:1;) alert tcp $HOME_NET any -> [128.106.123.43] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.106.123.43/; sid:900608011; rev:1;) alert tcp $HOME_NET any -> [196.203.37.215] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.203.37.215/; sid:900608012; rev:1;) alert tcp $HOME_NET any -> [135.148.121.246] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/135.148.121.246/; sid:900608013; rev:1;) alert tcp $HOME_NET any -> [213.190.4.223] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.190.4.223/; sid:900608014; rev:1;) alert tcp $HOME_NET any -> [159.65.253.201] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.253.201/; sid:900608015; rev:1;) alert tcp $HOME_NET any -> [150.95.20.209] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.95.20.209/; sid:900608016; rev:1;) alert tcp $HOME_NET any -> [103.44.138.22] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.44.138.22/; sid:900608017; rev:1;) alert tcp $HOME_NET any -> [46.41.130.218] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.41.130.218/; sid:900608018; rev:1;) alert tcp $HOME_NET any -> [130.164.206.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.164.206.70/; sid:900608019; rev:1;) alert tcp $HOME_NET any -> [153.126.203.229] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/153.126.203.229/; sid:900608020; rev:1;) alert tcp $HOME_NET any -> [138.185.72.26] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.185.72.26/; sid:900608021; rev:1;) alert tcp $HOME_NET any -> [45.71.195.106] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.71.195.106/; sid:900608022; rev:1;) alert tcp $HOME_NET any -> [68.183.62.61] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.62.61/; sid:900608023; rev:1;) alert tcp $HOME_NET any -> [46.176.197.48] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.176.197.48/; sid:900608024; rev:1;) alert tcp $HOME_NET any -> [5.252.177.62] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.252.177.62/; sid:900608025; rev:1;) alert tcp $HOME_NET any -> [169.197.131.16] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.197.131.16/; sid:900608026; rev:1;) alert tcp $HOME_NET any -> [195.154.253.60] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/195.154.253.60/; sid:900608027; rev:1;) alert tcp $HOME_NET any -> [152.89.239.34] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.89.239.34/; sid:900608028; rev:1;) alert tcp $HOME_NET any -> [47.158.25.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.158.25.67/; sid:900608029; rev:1;) alert tcp $HOME_NET any -> [185.244.166.137] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.166.137/; sid:900608030; rev:1;) alert tcp $HOME_NET any -> [70.57.207.83] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.57.207.83/; sid:900608031; rev:1;) alert tcp $HOME_NET any -> [136.243.32.168] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.243.32.168/; sid:900608032; rev:1;) alert tcp $HOME_NET any -> [198.211.51.201] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.211.51.201/; sid:900608033; rev:1;) alert tcp $HOME_NET any -> [81.213.206.182] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/81.213.206.182/; sid:900608034; rev:1;) alert tcp $HOME_NET any -> [103.230.180.119] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.230.180.119/; sid:900608035; rev:1;) alert tcp $HOME_NET any -> [5.88.12.21] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.88.12.21/; sid:900608036; rev:1;) alert tcp $HOME_NET any -> [193.253.44.249] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.253.44.249/; sid:900608037; rev:1;) alert tcp $HOME_NET any -> [176.110.96.225] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.110.96.225/; sid:900608038; rev:1;) alert tcp $HOME_NET any -> [76.70.9.169] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.70.9.169/; sid:900608039; rev:1;) alert tcp $HOME_NET any -> [89.211.185.240] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.185.240/; sid:900608040; rev:1;) alert tcp $HOME_NET any -> [31.215.84.57] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/31.215.84.57/; sid:900608041; rev:1;) alert tcp $HOME_NET any -> [2.50.27.78] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.27.78/; sid:900608042; rev:1;) alert tcp $HOME_NET any -> [78.100.194.138] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.194.138/; sid:900608043; rev:1;) alert tcp $HOME_NET any -> [139.228.65.100] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.228.65.100/; sid:900608044; rev:1;) alert tcp $HOME_NET any -> [220.129.52.36] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.129.52.36/; sid:900608045; rev:1;) alert tcp $HOME_NET any -> [41.43.13.54] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.43.13.54/; sid:900608046; rev:1;) alert tcp $HOME_NET any -> [76.69.155.202] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.69.155.202/; sid:900608047; rev:1;) alert tcp $HOME_NET any -> [189.253.111.123] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/189.253.111.123/; sid:900608048; rev:1;) alert tcp $HOME_NET any -> [70.51.153.159] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.153.159/; sid:900608049; rev:1;) alert tcp $HOME_NET any -> [105.184.249.182] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.249.182/; sid:900608050; rev:1;) alert tcp $HOME_NET any -> [216.46.32.83] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.46.32.83/; sid:900608051; rev:1;) alert tcp $HOME_NET any -> [201.103.17.10] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.103.17.10/; sid:900608052; rev:1;) alert tcp $HOME_NET any -> [208.101.87.135] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.101.87.135/; sid:900608053; rev:1;) alert tcp $HOME_NET any -> [78.191.34.56] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.34.56/; sid:900608054; rev:1;) alert tcp $HOME_NET any -> [47.156.191.217] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/47.156.191.217/; sid:900608055; rev:1;)
# Reviewer notes for the rules that follow:
# - Each rule matches on destination address and port only (TCP from $HOME_NET,
#   any source port). There are no content or flow keywords, so an alert shows
#   that a host sent traffic to a listed endpoint, not that the traffic was
#   confirmed C2; the msg text itself says "potential".
# - "threshold: type limit, track by_src, seconds 60, count 1" caps alerts at one
#   per source address per 60 seconds for each sid. Repeated connections inside
#   that window raise no further alert, so use flow or connection logs to
#   measure volume and duration.
# - Several addresses appear once per port under separate sids. Correlate hits
#   by destination address or reference URL rather than by sid alone.
# - Many destination ports used here (443, 993, 995, 80, 22) also carry ordinary
#   service traffic, and IP indicators age. Before acting on a hit, check the
#   address at the reference URL (presumably the tracker's host page, confirm)
#   and look for corroborating host evidence.
alert tcp $HOME_NET any -> [141.237.140.181] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.237.140.181/; sid:900608056; rev:1;)
alert tcp $HOME_NET any -> [168.235.104.209] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.235.104.209/; sid:900608057; rev:1;)
alert tcp $HOME_NET any -> [121.74.187.191] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.74.187.191/; sid:900608058; rev:1;)
alert tcp $HOME_NET any -> [58.105.167.35] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.105.167.35/; sid:900608059; rev:1;)
alert tcp $HOME_NET any -> [128.106.122.206] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.106.122.206/; sid:900608060; rev:1;)
alert tcp $HOME_NET any -> [39.41.139.127] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.41.139.127/; sid:900608061; rev:1;)
alert tcp $HOME_NET any -> [180.183.100.147] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.183.100.147/; sid:900608062; rev:1;)
alert tcp $HOME_NET any -> [39.52.38.109] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.52.38.109/; sid:900608063; rev:1;)
alert tcp $HOME_NET any -> [86.98.156.238] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.156.238/; sid:900608064; rev:1;)
alert tcp $HOME_NET any -> [39.44.124.140] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.124.140/; sid:900608065; rev:1;)
alert tcp $HOME_NET any -> [197.89.109.221] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.109.221/; sid:900608066; rev:1;)
alert tcp $HOME_NET any -> [75.67.194.204] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.67.194.204/; sid:900608067; rev:1;)
alert tcp $HOME_NET any -> [167.86.202.26] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.86.202.26/; sid:900608068; rev:1;)
alert tcp $HOME_NET any -> [197.167.46.225] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.167.46.225/; sid:900608069; rev:1;)
alert tcp $HOME_NET any -> [197.167.46.225] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.167.46.225/; sid:900608070; rev:1;)
alert tcp $HOME_NET any -> [197.164.171.102] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.164.171.102/; sid:900608071; rev:1;)
alert tcp $HOME_NET any -> [80.14.188.219] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.14.188.219/; sid:900608072; rev:1;)
alert tcp $HOME_NET any -> [39.49.63.64] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.63.64/; sid:900608073; rev:1;)
alert tcp $HOME_NET any -> [39.44.58.183] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.58.183/; sid:900608074; rev:1;)
alert tcp $HOME_NET any -> [80.123.141.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.123.141.226/; sid:900608075; rev:1;)
alert tcp $HOME_NET any -> [63.153.150.20] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.153.150.20/; sid:900608076; rev:1;)
alert tcp $HOME_NET any -> [102.156.225.86] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.225.86/; sid:900608077; rev:1;)
alert tcp $HOME_NET any -> [86.97.247.128] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.247.128/; sid:900608078; rev:1;)
alert tcp $HOME_NET any -> [86.97.247.128] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.247.128/; sid:900608079; rev:1;)
alert tcp $HOME_NET any -> [151.69.0.8] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.69.0.8/; sid:900608080; rev:1;)
alert tcp $HOME_NET any -> [176.45.240.198] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.45.240.198/; sid:900608081; rev:1;)
alert tcp $HOME_NET any -> [105.157.113.234] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.157.113.234/; sid:900608082; rev:1;)
alert tcp $HOME_NET any -> [80.11.74.81] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.11.74.81/; sid:900608083; rev:1;)
alert tcp $HOME_NET any -> [176.88.238.122] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.88.238.122/; sid:900608084; rev:1;)
alert tcp $HOME_NET any -> [186.64.67.40] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.40/; sid:900608085; rev:1;)
alert tcp $HOME_NET any -> [102.140.70.201] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.140.70.201/; sid:900608086; rev:1;)
alert tcp $HOME_NET any -> [24.55.67.176] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.55.67.176/; sid:900608087; rev:1;)
alert tcp $HOME_NET any -> [209.15.236.39] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.15.236.39/; sid:900608089; rev:1;)
alert tcp $HOME_NET any -> [162.244.80.68] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.244.80.68/; sid:900608090; rev:1;)
alert tcp $HOME_NET any -> [168.119.39.118] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.119.39.118/; sid:900608091; rev:1;)
alert tcp $HOME_NET any -> [207.99.27.28] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.99.27.28/; sid:900608092; rev:1;)
alert tcp $HOME_NET any -> [147.139.134.226] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.139.134.226/; sid:900608093; rev:1;)
alert tcp $HOME_NET any -> [191.99.191.28] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.99.191.28/; sid:900608094; rev:1;)
alert tcp $HOME_NET any -> [118.189.242.45] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.189.242.45/; sid:900608095; rev:1;)
alert tcp $HOME_NET any -> [118.161.12.23] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.161.12.23/; sid:900608096; rev:1;)
alert tcp $HOME_NET any -> [111.125.245.118] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.125.245.118/; sid:900608097; rev:1;)
alert tcp $HOME_NET any -> [31.215.70.101] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.70.101/; sid:900608098; rev:1;)
alert tcp $HOME_NET any -> [81.229.130.188] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.229.130.188/; sid:900608099; rev:1;)
alert tcp $HOME_NET any -> [186.69.101.54] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.69.101.54/; sid:900608100; rev:1;)
alert tcp $HOME_NET any -> [91.177.173.10] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.177.173.10/; sid:900608101; rev:1;)
alert tcp $HOME_NET any -> [2.50.37.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.37.117/; sid:900608102; rev:1;)
alert tcp $HOME_NET any -> [176.57.126.138] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.57.126.138/; sid:900608103; rev:1;)
alert tcp $HOME_NET any -> [86.98.149.6] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.149.6/; sid:900608104; rev:1;)
alert tcp $HOME_NET any -> [188.50.5.129] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.50.5.129/; sid:900608105; rev:1;)
alert tcp $HOME_NET any -> [98.17.34.83] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.17.34.83/; sid:900608106; rev:1;)
alert tcp $HOME_NET any -> [217.164.117.158] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.117.158/; sid:900608107; rev:1;)
alert tcp $HOME_NET any -> [92.99.229.158] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.99.229.158/; sid:900608108; rev:1;)
alert tcp $HOME_NET any -> [47.156.131.10] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.156.131.10/; sid:900608109; rev:1;)
alert tcp $HOME_NET any -> [139.180.205.161] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.180.205.161/; sid:900608110; rev:1;)
# Destination port 22: any outbound TCP to this address on the SSH port matches this rule.
alert tcp $HOME_NET any -> [72.12.115.90] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.12.115.90/; sid:900608111; rev:1;)
alert tcp $HOME_NET any -> [217.182.143.207] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.182.143.207/; sid:900608112; rev:1;)
alert tcp $HOME_NET any -> [209.126.98.206] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.126.98.206/; sid:900608113; rev:1;)
alert tcp $HOME_NET any -> [186.250.48.5] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.250.48.5/; sid:900608114; rev:1;)
alert tcp $HOME_NET any -> [119.158.98.225] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.158.98.225/; sid:900608115; rev:1;)
alert tcp $HOME_NET any -> [118.161.12.23] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.161.12.23/; sid:900608116; rev:1;)
alert tcp $HOME_NET any -> [183.82.103.213] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.103.213/; sid:900608117; rev:1;)
alert tcp $HOME_NET any -> [89.249.215.26] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.249.215.26/; sid:900608118; rev:1;)
alert tcp $HOME_NET any -> [5.95.58.211] 2087 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.95.58.211/; sid:900608119; rev:1;)
alert tcp $HOME_NET any -> [51.254.140.238] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.140.238/; sid:900608120; rev:1;)
alert tcp $HOME_NET any -> [103.75.201.2] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.75.201.2/; sid:900608121; rev:1;)
alert tcp $HOME_NET any -> [119.235.255.201] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.235.255.201/; sid:900608122; rev:1;)
alert tcp $HOME_NET any -> [197.2.10.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.2.10.67/; sid:900608123; rev:1;)
alert tcp $HOME_NET any -> [39.49.3.69] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.3.69/; sid:900608124; rev:1;)
alert tcp $HOME_NET any -> [172.114.160.81] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.114.160.81/; sid:900608125; rev:1;)
alert tcp $HOME_NET any -> [172.114.160.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.114.160.81/; sid:900608126; rev:1;)
alert tcp $HOME_NET any -> [86.195.158.178] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.195.158.178/; sid:900608127; rev:1;)
alert tcp $HOME_NET any -> [94.59.139.37] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.139.37/; sid:900608128; rev:1;)
alert tcp $HOME_NET any -> [173.170.224.168] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.170.224.168/; sid:900608129; rev:1;)
alert tcp $HOME_NET any -> [105.225.173.49] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.173.49/; sid:900608130; rev:1;)
alert tcp $HOME_NET any -> [201.170.176.129] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.170.176.129/; sid:900608131; rev:1;)
alert tcp $HOME_NET any -> [70.46.220.114] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.46.220.114/; sid:900608132; rev:1;)
alert tcp $HOME_NET any -> [210.246.4.69] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.246.4.69/; sid:900608133; rev:1;)
alert tcp $HOME_NET any -> [162.241.79.26] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.79.26/; sid:900608134; rev:1;)
alert tcp $HOME_NET any -> [186.250.48.117] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.250.48.117/; sid:900608135; rev:1;)
alert tcp $HOME_NET any -> [128.106.123.103] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.106.123.103/; sid:900608136; rev:1;)
alert tcp $HOME_NET any -> [64.231.210.71] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.231.210.71/; sid:900608138; rev:1;)
alert tcp $HOME_NET any -> [197.89.17.163] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.17.163/; sid:900608139; rev:1;)
alert tcp $HOME_NET any -> [177.87.70.10] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.87.70.10/; sid:900608140; rev:1;)
alert tcp $HOME_NET any -> [176.56.128.118] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.56.128.118/; sid:900608141; rev:1;)
alert tcp $HOME_NET any -> [203.114.109.124] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.114.109.124/; sid:900608142; rev:1;)
alert tcp $HOME_NET any -> [86.139.33.187] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.139.33.187/; sid:900608143; rev:1;)
alert tcp $HOME_NET any -> [144.86.64.220] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.86.64.220/; sid:900608144; rev:1;)
alert tcp $HOME_NET any -> [86.98.148.83] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.148.83/; sid:900608145; rev:1;)
alert tcp $HOME_NET any -> [175.145.235.37] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.145.235.37/; sid:900608147; rev:1;)
alert tcp $HOME_NET any -> [51.75.33.122] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.33.122/; sid:900608148; rev:1;)
alert tcp $HOME_NET any -> [72.27.73.206] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.27.73.206/; sid:900608149; rev:1;)
alert tcp $HOME_NET any -> [75.159.9.236] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.159.9.236/; sid:900608150; rev:1;)
alert tcp $HOME_NET any -> [217.165.122.227] 61200 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.122.227/; sid:900608151; rev:1;)
alert tcp $HOME_NET any -> [186.10.247.110] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.10.247.110/; sid:900608152; rev:1;)
alert tcp $HOME_NET any -> [217.165.79.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.79.31/; sid:900608153; rev:1;)
alert tcp $HOME_NET any -> [207.170.238.231] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.170.238.231/; sid:900608154; rev:1;)
alert tcp $HOME_NET any -> [24.43.99.75] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.43.99.75/; sid:900608155; rev:1;)
alert tcp $HOME_NET any -> [47.23.89.61] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.89.61/; sid:900608156; rev:1;)
alert tcp $HOME_NET any -> [47.23.89.61] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.89.61/; sid:900608157; rev:1;)
alert tcp $HOME_NET any -> [217.165.79.31] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.79.31/; sid:900608158; rev:1;)
alert tcp $HOME_NET any -> [69.159.200.138] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.159.200.138/; sid:900608159; rev:1;)
alert tcp $HOME_NET any -> [119.158.105.8] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.158.105.8/; sid:900608160; rev:1;)
alert tcp $HOME_NET any -> [118.161.37.138] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.161.37.138/; sid:900608161; rev:1;)
alert tcp $HOME_NET any -> [217.165.85.106] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.85.106/; sid:900608162; rev:1;)
alert tcp $HOME_NET any -> [217.165.68.124] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.68.124/; sid:900608163; rev:1;)
alert tcp $HOME_NET any -> [118.161.37.138] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.161.37.138/; sid:900608164; rev:1;)
alert tcp $HOME_NET any -> [86.97.209.65] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.209.65/; sid:900608165; rev:1;)
alert tcp $HOME_NET any -> [197.89.109.129] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.109.129/; sid:900608166; rev:1;)
alert tcp $HOME_NET any -> [105.186.100.243] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.100.243/; sid:900608167; rev:1;)
alert tcp $HOME_NET any -> [197.164.168.41] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.164.168.41/; sid:900608168; rev:1;)
alert tcp $HOME_NET any -> [197.37.66.133] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.37.66.133/; sid:900608169; rev:1;)
alert tcp $HOME_NET any -> [39.52.217.44] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.52.217.44/; sid:900608170; rev:1;)
alert tcp $HOME_NET any -> [187.59.18.65] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.59.18.65/; sid:900608171; rev:1;)
alert tcp $HOME_NET any -> [191.112.19.94] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.112.19.94/; sid:900608172; rev:1;)
alert tcp $HOME_NET any -> [162.214.118.104] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.214.118.104/; sid:900608173; rev:1;)
alert tcp $HOME_NET any -> [217.182.143.248] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.182.143.248/; sid:900608174; rev:1;)
alert tcp $HOME_NET any -> [146.59.226.45] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.59.226.45/; sid:900608175; rev:1;)
alert tcp $HOME_NET any -> [185.4.135.27] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.4.135.27/; sid:900608176; rev:1;)
alert tcp $HOME_NET any -> [192.99.251.50] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.99.251.50/; sid:900608177; rev:1;)
alert tcp $HOME_NET any -> [187.170.7.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.170.7.81/; sid:900608178; rev:1;)
alert tcp $HOME_NET any -> [189.253.32.61] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.32.61/; sid:900608179; rev:1;)
alert tcp $HOME_NET any -> [176.253.27.51] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.253.27.51/; sid:900608180; rev:1;)
alert tcp $HOME_NET any -> [217.79.180.211] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.79.180.211/; sid:900608181; rev:1;)
alert tcp $HOME_NET any -> [51.210.176.76] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.210.176.76/; sid:900608182; rev:1;)
alert tcp $HOME_NET any -> [104.251.215.148] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.251.215.148/; sid:900608183; rev:1;)
alert tcp $HOME_NET any -> [24.152.37.138] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.152.37.138/; sid:900608184; rev:1;)
alert tcp $HOME_NET any -> [45.63.1.12] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.1.12/; sid:900608185; rev:1;)
alert tcp $HOME_NET any -> [149.28.238.199] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.238.199/; sid:900608186; rev:1;)
alert tcp $HOME_NET any -> [45.76.167.26] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.167.26/; sid:900608187; rev:1;)
alert tcp $HOME_NET any -> [144.202.3.39] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.3.39/; sid:900608188; rev:1;)
alert tcp $HOME_NET any -> [144.202.3.39] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.3.39/; sid:900608189; rev:1;)
alert tcp $HOME_NET any -> [149.28.238.199] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.238.199/; sid:900608190; rev:1;)
alert tcp $HOME_NET any -> [45.63.1.12] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.1.12/; sid:900608191; rev:1;)
alert tcp $HOME_NET any -> [45.76.167.26] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.167.26/; sid:900608192; rev:1;)
alert tcp $HOME_NET any -> [140.82.63.183] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/140.82.63.183/; sid:900608193; rev:1;)
alert tcp $HOME_NET any -> [140.82.63.183] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/140.82.63.183/; sid:900608194; rev:1;)
alert tcp $HOME_NET any -> [139.64.13.51] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.64.13.51/; sid:900608195; rev:1;)
alert tcp $HOME_NET any -> [79.167.199.210] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.167.199.210/; sid:900608196; rev:1;)
alert tcp $HOME_NET any -> [78.100.194.196] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.194.196/; sid:900608197; rev:1;)
alert tcp $HOME_NET any -> [72.76.94.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.76.94.99/; sid:900608198; rev:1;)
alert tcp $HOME_NET any -> [70.51.139.58] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.139.58/; sid:900608199; rev:1;)
alert tcp $HOME_NET any -> [201.170.181.247] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.170.181.247/; sid:900608200; rev:1;)
alert tcp $HOME_NET any -> [105.187.31.228] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.187.31.228/; sid:900608201; rev:1;)
alert tcp $HOME_NET any -> [83.110.153.238] 61200 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.153.238/; sid:900608202; rev:1;)
alert tcp $HOME_NET any -> [176.45.218.254] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.45.218.254/; sid:900608203; rev:1;)
alert tcp $HOME_NET any -> [89.211.187.132] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.187.132/; sid:900608204; rev:1;)
alert tcp $HOME_NET any -> [128.106.122.181] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/128.106.122.181/; sid:900608205; rev:1;) alert tcp $HOME_NET any -> [1.161.97.158] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.97.158/; sid:900608206; rev:1;) alert tcp $HOME_NET any -> [1.161.97.158] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.97.158/; sid:900608207; rev:1;) alert tcp $HOME_NET any -> [83.110.218.135] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.218.135/; sid:900608208; rev:1;) alert tcp $HOME_NET any -> [86.97.209.134] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.209.134/; sid:900608209; rev:1;) alert tcp $HOME_NET any -> [197.237.74.185] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.237.74.185/; sid:900608210; rev:1;) alert tcp $HOME_NET any -> [41.130.133.118] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.130.133.118/; sid:900608211; rev:1;) alert tcp $HOME_NET any -> [103.51.26.157] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/103.51.26.157/; sid:900608212; rev:1;) alert tcp $HOME_NET any -> [39.44.188.102] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.188.102/; sid:900608213; rev:1;) alert tcp $HOME_NET any -> [5.32.41.45] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.32.41.45/; sid:900608214; rev:1;) alert tcp $HOME_NET any -> [41.205.12.24] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.205.12.24/; sid:900608215; rev:1;) alert tcp $HOME_NET any -> [188.55.223.134] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.55.223.134/; sid:900608216; rev:1;) alert tcp $HOME_NET any -> [187.199.203.159] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.199.203.159/; sid:900608217; rev:1;) alert tcp $HOME_NET any -> [177.207.67.234] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.207.67.234/; sid:900608218; rev:1;) alert tcp $HOME_NET any -> [90.74.16.2] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/90.74.16.2/; sid:900608219; rev:1;) alert tcp $HOME_NET any -> [31.215.70.127] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.70.127/; sid:900608220; rev:1;) alert tcp $HOME_NET any -> [47.23.89.58] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.89.58/; sid:900608221; rev:1;) alert tcp $HOME_NET any -> [47.23.89.58] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.89.58/; sid:900608222; rev:1;) alert tcp $HOME_NET any -> [32.221.225.247] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.221.225.247/; sid:900608223; rev:1;) alert tcp $HOME_NET any -> [102.184.187.50] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.184.187.50/; sid:900608224; rev:1;) alert tcp $HOME_NET any -> [108.60.213.141] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.60.213.141/; sid:900608225; rev:1;) alert tcp $HOME_NET any -> [105.186.127.127] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/105.186.127.127/; sid:900608226; rev:1;) alert tcp $HOME_NET any -> [102.65.38.77] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.65.38.77/; sid:900608227; rev:1;) alert tcp $HOME_NET any -> [177.207.67.234] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.207.67.234/; sid:900608228; rev:1;) alert tcp $HOME_NET any -> [86.184.85.199] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.184.85.199/; sid:900608229; rev:1;) alert tcp $HOME_NET any -> [201.145.160.158] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.145.160.158/; sid:900608230; rev:1;) alert tcp $HOME_NET any -> [177.96.102.51] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.96.102.51/; sid:900608231; rev:1;) alert tcp $HOME_NET any -> [203.212.24.90] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.212.24.90/; sid:900608232; rev:1;) alert tcp $HOME_NET any -> [151.106.39.36] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/151.106.39.36/; sid:900608234; rev:1;) alert tcp $HOME_NET any -> [167.86.122.137] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.86.122.137/; sid:900608235; rev:1;) alert tcp $HOME_NET any -> [172.104.22.23] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.104.22.23/; sid:900608236; rev:1;) alert tcp $HOME_NET any -> [82.165.145.100] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.165.145.100/; sid:900608237; rev:1;) alert tcp $HOME_NET any -> [80.241.218.90] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.241.218.90/; sid:900608238; rev:1;) alert tcp $HOME_NET any -> [78.100.227.241] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.227.241/; sid:900608239; rev:1;) alert tcp $HOME_NET any -> [88.250.126.28] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.250.126.28/; sid:900608240; rev:1;) alert tcp $HOME_NET any -> [39.49.32.57] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/39.49.32.57/; sid:900608241; rev:1;) alert tcp $HOME_NET any -> [86.98.27.253] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.27.253/; sid:900608242; rev:1;) alert tcp $HOME_NET any -> [217.164.119.130] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.119.130/; sid:900608243; rev:1;) alert tcp $HOME_NET any -> [114.24.93.121] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.24.93.121/; sid:900608244; rev:1;) alert tcp $HOME_NET any -> [86.97.8.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.8.82/; sid:900608245; rev:1;) alert tcp $HOME_NET any -> [83.110.154.202] 61200 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.154.202/; sid:900608246; rev:1;) alert tcp $HOME_NET any -> [130.164.154.59] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.164.154.59/; sid:900608247; rev:1;) alert tcp $HOME_NET any -> [161.142.56.113] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/161.142.56.113/; sid:900608248; rev:1;) alert tcp $HOME_NET any -> [197.37.7.47] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.37.7.47/; sid:900608249; rev:1;) alert tcp $HOME_NET any -> [70.51.135.39] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.135.39/; sid:900608250; rev:1;) alert tcp $HOME_NET any -> [79.143.186.143] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.143.186.143/; sid:900608251; rev:1;) alert tcp $HOME_NET any -> [217.165.97.124] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.97.124/; sid:900608252; rev:1;) alert tcp $HOME_NET any -> [186.64.87.236] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.87.236/; sid:900608253; rev:1;) alert tcp $HOME_NET any -> [47.23.89.59] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.89.59/; sid:900608254; rev:1;) alert tcp $HOME_NET any -> [47.23.89.59] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/47.23.89.59/; sid:900608255; rev:1;) alert tcp $HOME_NET any -> [213.32.75.32] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.32.75.32/; sid:900608256; rev:1;) alert tcp $HOME_NET any -> [191.252.1.14] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.252.1.14/; sid:900608257; rev:1;) alert tcp $HOME_NET any -> [54.36.185.63] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.36.185.63/; sid:900608258; rev:1;) alert tcp $HOME_NET any -> [103.253.145.28] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.253.145.28/; sid:900608259; rev:1;) alert tcp $HOME_NET any -> [113.11.89.170] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.11.89.170/; sid:900608260; rev:1;) alert tcp $HOME_NET any -> [197.89.109.218] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.109.218/; sid:900608261; rev:1;) alert tcp $HOME_NET any -> [217.164.119.130] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/217.164.119.130/; sid:900608262; rev:1;) alert tcp $HOME_NET any -> [148.64.96.100] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.64.96.100/; sid:900608263; rev:1;) alert tcp $HOME_NET any -> [45.241.168.197] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.168.197/; sid:900608264; rev:1;) alert tcp $HOME_NET any -> [47.51.47.182] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.51.47.182/; sid:900608265; rev:1;) alert tcp $HOME_NET any -> [37.186.54.166] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.186.54.166/; sid:900608266; rev:1;) alert tcp $HOME_NET any -> [2.34.12.8] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.34.12.8/; sid:900608267; rev:1;) alert tcp $HOME_NET any -> [41.130.134.201] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.130.134.201/; sid:900608268; rev:1;) alert tcp $HOME_NET any -> [195.32.57.18] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/195.32.57.18/; sid:900608269; rev:1;) alert tcp $HOME_NET any -> [148.64.96.100] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.64.96.100/; sid:900608270; rev:1;) alert tcp $HOME_NET any -> [209.180.70.25] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.180.70.25/; sid:900608271; rev:1;) alert tcp $HOME_NET any -> [41.84.243.150] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.243.150/; sid:900608272; rev:1;) alert tcp $HOME_NET any -> [177.207.108.236] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.207.108.236/; sid:900608273; rev:1;) alert tcp $HOME_NET any -> [39.49.71.173] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.71.173/; sid:900608274; rev:1;) alert tcp $HOME_NET any -> [1.161.80.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.80.70/; sid:900608275; rev:1;) alert tcp $HOME_NET any -> [177.207.108.236] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/177.207.108.236/; sid:900608276; rev:1;) alert tcp $HOME_NET any -> [201.172.31.135] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.172.31.135/; sid:900608277; rev:1;) alert tcp $HOME_NET any -> [191.112.22.95] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.112.22.95/; sid:900608278; rev:1;) alert tcp $HOME_NET any -> [141.237.90.158] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.237.90.158/; sid:900608279; rev:1;) alert tcp $HOME_NET any -> [148.64.96.100] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.64.96.100/; sid:900608280; rev:1;) alert tcp $HOME_NET any -> [39.33.151.166] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.33.151.166/; sid:900608281; rev:1;) alert tcp $HOME_NET any -> [45.76.1.145] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.1.145/; sid:900608282; rev:1;) alert tcp $HOME_NET any -> [217.182.25.250] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/217.182.25.250/; sid:900608283; rev:1;) alert tcp $HOME_NET any -> [119.193.124.41] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.193.124.41/; sid:900608284; rev:1;) alert tcp $HOME_NET any -> [165.22.61.235] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.22.61.235/; sid:900608285; rev:1;) alert tcp $HOME_NET any -> [121.78.112.42] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.78.112.42/; sid:900608286; rev:1;) alert tcp $HOME_NET any -> [216.10.251.121] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.10.251.121/; sid:900608287; rev:1;) alert tcp $HOME_NET any -> [128.106.123.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.106.123.180/; sid:900608288; rev:1;) alert tcp $HOME_NET any -> [39.44.151.33] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.151.33/; sid:900608289; rev:1;) alert tcp $HOME_NET any -> [185.184.25.234] 8081 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/185.184.25.234/; sid:900608290; rev:1;) alert tcp $HOME_NET any -> [116.125.120.88] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.125.120.88/; sid:900608291; rev:1;) alert tcp $HOME_NET any -> [129.208.30.2] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.30.2/; sid:900608292; rev:1;) alert tcp $HOME_NET any -> [79.33.90.109] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.33.90.109/; sid:900608293; rev:1;) alert tcp $HOME_NET any -> [102.140.70.139] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.140.70.139/; sid:900608294; rev:1;) alert tcp $HOME_NET any -> [47.23.89.62] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.89.62/; sid:900608295; rev:1;) alert tcp $HOME_NET any -> [47.23.89.62] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.89.62/; sid:900608296; rev:1;) alert tcp $HOME_NET any -> [172.115.177.204] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/172.115.177.204/; sid:900608297; rev:1;)
# The line above completes a rule whose start lies before this section; the
# last line of this section likewise opens a rule that is completed after it.
#
# How to read the rules below:
# - Each rule alerts on any TCP packet from $HOME_NET to one listed IP and port.
#   No flow, content or TLS keyword is present, so a hit identifies the
#   destination only, not the protocol spoken to it.
# - threshold: type limit, track by_src, seconds 60, count 1 yields at most one
#   alert per source address per rule in a 60-second window, so the number of
#   alerts does not reflect the number of connections. Size the activity from
#   flow or connection logs instead.
#   NOTE(review): the Snort 2.9 manual marks the in-rule threshold option as
#   deprecated; confirm the file loads on the Snort version in use.
# - Many entries use ports shared with ordinary services (80, 443, 993, 995,
#   8080). NOTE(review): a listed address may since have been reassigned, or
#   may be a compromised host that also carries legitimate traffic; the host
#   page named in reference:url is presumably where to check how current a
#   listing is before escalating a single hit.
# - The malware family (QakBot or Emotet in this section) appears only in the
#   msg string; there is no metadata keyword to filter on.
# - sids are not contiguous (for example 900608323 is followed by 900608326),
#   so do not infer a rule's position or the rule count from its sid.
alert tcp $HOME_NET any -> [174.69.215.101] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.69.215.101/; sid:900608298; rev:1;)
alert tcp $HOME_NET any -> [201.103.6.221] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.103.6.221/; sid:900608299; rev:1;)
alert tcp $HOME_NET any -> [1.161.80.70] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.80.70/; sid:900608300; rev:1;)
alert tcp $HOME_NET any -> [217.165.109.52] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.109.52/; sid:900608301; rev:1;)
alert tcp $HOME_NET any -> [197.89.8.135] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.8.135/; sid:900608302; rev:1;)
alert tcp $HOME_NET any -> [2.42.176.91] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.42.176.91/; sid:900608303; rev:1;)
alert tcp $HOME_NET any -> [180.129.97.57] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.129.97.57/; sid:900608304; rev:1;)
alert tcp $HOME_NET any -> [197.167.5.180] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.167.5.180/; sid:900608305; rev:1;)
alert tcp $HOME_NET any -> [131.154.102.171] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.154.102.171/; sid:900608306; rev:1;)
alert tcp $HOME_NET any -> [5.81.177.71] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.81.177.71/; sid:900608307; rev:1;)
alert tcp $HOME_NET any -> [201.22.44.214] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.22.44.214/; sid:900608308; rev:1;)
alert tcp $HOME_NET any -> [47.145.130.171] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.145.130.171/; sid:900608309; rev:1;)
alert tcp $HOME_NET any -> [39.41.189.204] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.41.189.204/; sid:900608310; rev:1;)
alert tcp $HOME_NET any -> [110.143.139.163] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.143.139.163/; sid:900608311; rev:1;)
alert tcp $HOME_NET any -> [45.239.129.13] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.239.129.13/; sid:900608312; rev:1;)
alert tcp $HOME_NET any -> [189.237.6.251] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.237.6.251/; sid:900608313; rev:1;)
alert tcp $HOME_NET any -> [82.51.28.59] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.51.28.59/; sid:900608314; rev:1;)
alert tcp $HOME_NET any -> [76.106.248.8] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.106.248.8/; sid:900608315; rev:1;)
alert tcp $HOME_NET any -> [149.56.128.192] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.56.128.192/; sid:900608316; rev:1;)
alert tcp $HOME_NET any -> [120.50.40.183] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.50.40.183/; sid:900608317; rev:1;)
alert tcp $HOME_NET any -> [160.16.218.63] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.16.218.63/; sid:900608318; rev:1;)
alert tcp $HOME_NET any -> [80.211.107.116] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.211.107.116/; sid:900608319; rev:1;)
alert tcp $HOME_NET any -> [188.166.229.148] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.166.229.148/; sid:900608320; rev:1;)
alert tcp $HOME_NET any -> [128.106.122.216] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.106.122.216/; sid:900608321; rev:1;)
alert tcp $HOME_NET any -> [103.88.226.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.88.226.82/; sid:900608322; rev:1;)
alert tcp $HOME_NET any -> [77.211.24.73] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.211.24.73/; sid:900608323; rev:1;)
alert tcp $HOME_NET any -> [86.131.118.124] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.131.118.124/; sid:900608326; rev:1;)
alert tcp $HOME_NET any -> [120.61.1.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.61.1.53/; sid:900608328; rev:1;)
alert tcp $HOME_NET any -> [138.197.90.158] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.90.158/; sid:900608329; rev:1;)
alert tcp $HOME_NET any -> [109.160.96.230] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.160.96.230/; sid:900608330; rev:1;)
alert tcp $HOME_NET any -> [103.85.160.5] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.85.160.5/; sid:900608331; rev:1;)
alert tcp $HOME_NET any -> [79.52.204.9] 50001 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.52.204.9/; sid:900608332; rev:1;)
alert tcp $HOME_NET any -> [40.134.246.185] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.134.246.185/; sid:900608333; rev:1;)
alert tcp $HOME_NET any -> [78.188.76.167] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.76.167/; sid:900608334; rev:1;)
alert tcp $HOME_NET any -> [200.100.246.85] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.100.246.85/; sid:900608335; rev:1;)
alert tcp $HOME_NET any -> [202.134.152.2] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.134.152.2/; sid:900608336; rev:1;)
alert tcp $HOME_NET any -> [161.142.56.8] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.56.8/; sid:900608337; rev:1;)
alert tcp $HOME_NET any -> [37.152.80.105] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.152.80.105/; sid:900608338; rev:1;)
alert tcp $HOME_NET any -> [102.140.71.40] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.140.71.40/; sid:900608339; rev:1;)
alert tcp $HOME_NET any -> [188.50.49.149] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.50.49.149/; sid:900608340; rev:1;)
alert tcp $HOME_NET any -> [197.92.138.54] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.92.138.54/; sid:900608341; rev:1;)
alert tcp $HOME_NET any -> [143.0.34.185] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.0.34.185/; sid:900608342; rev:1;)
alert tcp $HOME_NET any -> [177.134.208.155] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.134.208.155/; sid:900608343; rev:1;)
alert tcp $HOME_NET any -> [31.215.69.127] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.69.127/; sid:900608344; rev:1;)
alert tcp $HOME_NET any -> [51.91.76.89] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.91.76.89/; sid:900608345; rev:1;)
alert tcp $HOME_NET any -> [173.254.208.91] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.254.208.91/; sid:900608346; rev:1;)
alert tcp $HOME_NET any -> [121.74.182.236] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.74.182.236/; sid:900608347; rev:1;)
alert tcp $HOME_NET any -> [79.172.212.216] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.172.212.216/; sid:900608348; rev:1;)
alert tcp $HOME_NET any -> [58.227.42.236] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.227.42.236/; sid:900608349; rev:1;)
alert tcp $HOME_NET any -> [51.75.33.120] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.33.120/; sid:900608350; rev:1;)
alert tcp $HOME_NET any -> [206.188.212.92] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.188.212.92/; sid:900608351; rev:1;)
alert tcp $HOME_NET any -> [78.31.66.214] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.31.66.214/; sid:900608352; rev:1;)
alert tcp $HOME_NET any -> [134.209.240.102] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.240.102/; sid:900608353; rev:1;)
alert tcp $HOME_NET any -> [178.79.146.220] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.79.146.220/; sid:900608354; rev:1;)
alert tcp $HOME_NET any -> [191.252.204.81] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.252.204.81/; sid:900608355; rev:1;)
alert tcp $HOME_NET any -> [94.23.45.86] 8082 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.45.86/; sid:900608356; rev:1;)
alert tcp $HOME_NET any -> [142.93.214.232] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.214.232/; sid:900608357; rev:1;)
alert tcp $HOME_NET any -> [165.22.246.219] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.22.246.219/; sid:900608358; rev:1;)
alert tcp $HOME_NET any -> [54.38.143.246] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.143.246/; sid:900608359; rev:1;)
alert tcp $HOME_NET any -> [202.29.239.162] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.29.239.162/; sid:900608360; rev:1;)
# sid numbering continues at 900608393 after 900608360; the intervening sids do
# not appear in this section.
alert tcp $HOME_NET any -> [217.164.118.117] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.118.117/; sid:900608393; rev:1;)
alert tcp $HOME_NET any -> [197.161.137.196] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.161.137.196/; sid:900608394; rev:1;)
alert tcp $HOME_NET any -> [86.98.208.214] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.208.214/; sid:900608395; rev:1;)
# From here on several hosts are listed more than once, one rule and sid per
# port (83.110.85.209 on 443 and 995; 217.164.118.117 on 2222 above and 1194
# below; later 1.161.80.99, 92.96.183.242, 1.161.126.13, 31.215.185.59 and
# 94.59.56.162). Because the threshold is per rule, one source contacting the
# same host on two ports can raise two alerts; correlate on destination IP
# rather than on sid.
alert tcp $HOME_NET any -> [83.110.85.209] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.85.209/; sid:900608396; rev:1;)
alert tcp $HOME_NET any -> [203.122.46.130] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.122.46.130/; sid:900608397; rev:1;)
alert tcp $HOME_NET any -> [83.110.85.209] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.85.209/; sid:900608398; rev:1;)
alert tcp $HOME_NET any -> [201.172.231.204] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.172.231.204/; sid:900608399; rev:1;)
alert tcp $HOME_NET any -> [217.164.118.117] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.118.117/; sid:900608400; rev:1;)
alert tcp $HOME_NET any -> [81.132.186.248] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.132.186.248/; sid:900608401; rev:1;)
alert tcp $HOME_NET any -> [197.89.109.60] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.109.60/; sid:900608402; rev:1;)
alert tcp $HOME_NET any -> [81.60.216.223] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.60.216.223/; sid:900608403; rev:1;)
alert tcp $HOME_NET any -> [201.145.226.223] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.145.226.223/; sid:900608404; rev:1;)
alert tcp $HOME_NET any -> [179.178.78.112] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.178.78.112/; sid:900608405; rev:1;)
alert tcp $HOME_NET any -> [105.225.175.168] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.175.168/; sid:900608407; rev:1;)
alert tcp $HOME_NET any -> [1.161.80.99] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.80.99/; sid:900608408; rev:1;)
alert tcp $HOME_NET any -> [217.165.85.224] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.85.224/; sid:900608409; rev:1;)
alert tcp $HOME_NET any -> [1.161.80.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.80.99/; sid:900608410; rev:1;)
alert tcp $HOME_NET any -> [45.241.207.212] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.207.212/; sid:900608411; rev:1;)
alert tcp $HOME_NET any -> [98.96.186.171] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.96.186.171/; sid:900608412; rev:1;)
alert tcp $HOME_NET any -> [70.36.102.35] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.36.102.35/; sid:900608413; rev:1;)
alert tcp $HOME_NET any -> [92.240.254.110] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.240.254.110/; sid:900608414; rev:1;)
alert tcp $HOME_NET any -> [179.100.109.11] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.100.109.11/; sid:900608416; rev:1;)
alert tcp $HOME_NET any -> [78.87.196.125] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.87.196.125/; sid:900608417; rev:1;)
alert tcp $HOME_NET any -> [177.97.48.132] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.97.48.132/; sid:900608418; rev:1;)
alert tcp $HOME_NET any -> [179.158.105.44] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.158.105.44/; sid:900608419; rev:1;)
alert tcp $HOME_NET any -> [5.189.160.61] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.160.61/; sid:900608420; rev:1;)
alert tcp $HOME_NET any -> [94.177.178.26] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.178.26/; sid:900608421; rev:1;)
alert tcp $HOME_NET any -> [39.44.127.250] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.127.250/; sid:900608422; rev:1;)
alert tcp $HOME_NET any -> [92.96.183.242] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.96.183.242/; sid:900608423; rev:1;)
alert tcp $HOME_NET any -> [92.96.183.242] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.96.183.242/; sid:900608424; rev:1;)
alert tcp $HOME_NET any -> [90.120.65.153] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.120.65.153/; sid:900608425; rev:1;)
alert tcp $HOME_NET any -> [186.106.197.52] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.106.197.52/; sid:900608426; rev:1;)
alert tcp $HOME_NET any -> [143.0.219.6] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.0.219.6/; sid:900608427; rev:1;)
alert tcp $HOME_NET any -> [129.208.128.102] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.128.102/; sid:900608428; rev:1;)
alert tcp $HOME_NET any -> [125.24.107.190] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.24.107.190/; sid:900608429; rev:1;)
alert tcp $HOME_NET any -> [102.156.37.51] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.37.51/; sid:900608430; rev:1;)
alert tcp $HOME_NET any -> [186.64.67.46] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.46/; sid:900608431; rev:1;)
alert tcp $HOME_NET any -> [87.17.45.67] 50001 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.17.45.67/; sid:900608432; rev:1;)
alert tcp $HOME_NET any -> [103.87.95.133] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.87.95.133/; sid:900608433; rev:1;)
alert tcp $HOME_NET any -> [187.102.135.142] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.102.135.142/; sid:900608434; rev:1;)
alert tcp $HOME_NET any -> [191.205.7.5] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.205.7.5/; sid:900608435; rev:1;)
alert tcp $HOME_NET any -> [187.195.98.155] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.195.98.155/; sid:900608436; rev:1;)
alert tcp $HOME_NET any -> [101.190.95.16] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.190.95.16/; sid:900608437; rev:1;)
alert tcp $HOME_NET any -> [217.165.146.136] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.146.136/; sid:900608438; rev:1;)
alert tcp $HOME_NET any -> [102.140.71.38] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.140.71.38/; sid:900608439; rev:1;)
alert tcp $HOME_NET any -> [1.161.126.13] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.126.13/; sid:900608440; rev:1;)
alert tcp $HOME_NET any -> [86.180.31.38] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.180.31.38/; sid:900608441; rev:1;)
alert tcp $HOME_NET any -> [94.36.190.252] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.36.190.252/; sid:900608442; rev:1;)
alert tcp $HOME_NET any -> [216.120.236.62] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.120.236.62/; sid:900608443; rev:1;)
alert tcp $HOME_NET any -> [189.232.46.161] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.232.46.161/; sid:900608444; rev:1;)
alert tcp $HOME_NET any -> [159.8.59.82] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.8.59.82/; sid:900608445; rev:1;)
alert tcp $HOME_NET any -> [50.116.19.225] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.19.225/; sid:900608446; rev:1;)
alert tcp $HOME_NET any -> [88.198.131.5] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.198.131.5/; sid:900608447; rev:1;)
alert tcp $HOME_NET any -> [1.161.126.13] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.126.13/; sid:900608448; rev:1;)
alert tcp $HOME_NET any -> [81.60.217.44] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.60.217.44/; sid:900608449; rev:1;)
alert tcp $HOME_NET any -> [85.1.164.37] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.1.164.37/; sid:900608450; rev:1;)
alert tcp $HOME_NET any -> [45.55.63.166] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.63.166/; sid:900608451; rev:1;)
alert tcp $HOME_NET any -> [31.215.185.59] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.185.59/; sid:900608452; rev:1;)
alert tcp $HOME_NET any -> [79.129.121.68] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.129.121.68/; sid:900608453; rev:1;)
alert tcp $HOME_NET any -> [75.113.214.234] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.113.214.234/; sid:900608454; rev:1;)
alert tcp $HOME_NET any -> [129.208.19.253] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.19.253/; sid:900608455; rev:1;)
alert tcp $HOME_NET any -> [103.88.226.30] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.88.226.30/; sid:900608456; rev:1;)
alert tcp $HOME_NET any -> [78.101.91.50] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.91.50/; sid:900608457; rev:1;)
alert tcp $HOME_NET any -> [45.241.152.155] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.152.155/; sid:900608458; rev:1;)
alert tcp $HOME_NET any -> [119.158.111.142] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.158.111.142/; sid:900608459; rev:1;)
alert tcp $HOME_NET any -> [39.57.23.5] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.57.23.5/; sid:900608460; rev:1;)
alert tcp $HOME_NET any -> [87.139.163.216] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.139.163.216/; sid:900608461; rev:1;)
alert tcp $HOME_NET any -> [200.58.84.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.58.84.99/; sid:900608462; rev:1;)
alert tcp $HOME_NET any -> [39.44.144.159] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.144.159/; sid:900608463; rev:1;)
alert tcp $HOME_NET any -> [102.65.38.90] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.65.38.90/; sid:900608464; rev:1;)
alert tcp $HOME_NET any -> [82.84.66.211] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.84.66.211/; sid:900608465; rev:1;)
alert tcp $HOME_NET any -> [31.215.185.59] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.185.59/; sid:900608466; rev:1;)
alert tcp $HOME_NET any -> [112.199.148.55] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.199.148.55/; sid:900608467; rev:1;)
alert tcp $HOME_NET any -> [70.51.132.235] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.132.235/; sid:900608468; rev:1;)
alert tcp $HOME_NET any -> [189.237.58.13] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.237.58.13/; sid:900608469; rev:1;)
alert tcp $HOME_NET any -> [120.61.2.215] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.61.2.215/; sid:900608470; rev:1;)
alert tcp $HOME_NET any -> [195.201.151.129] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.201.151.129/; sid:900608471; rev:1;)
alert tcp $HOME_NET any -> [79.143.187.147] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.143.187.147/; sid:900608472; rev:1;)
alert tcp $HOME_NET any -> [159.203.141.156] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.203.141.156/; sid:900608473; rev:1;)
alert tcp $HOME_NET any -> [92.132.135.233] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.132.135.233/; sid:900608474; rev:1;)
alert tcp $HOME_NET any -> [66.98.42.102] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.98.42.102/; sid:900608475; rev:1;)
alert tcp $HOME_NET any -> [39.49.106.26] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.106.26/; sid:900608476; rev:1;)
alert tcp $HOME_NET any -> [191.249.126.43] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.249.126.43/; sid:900608477; rev:1;)
alert tcp $HOME_NET any -> [187.58.245.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.58.245.168/; sid:900608478; rev:1;)
alert tcp $HOME_NET any -> [94.59.56.162] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.56.162/; sid:900608479; rev:1;)
alert tcp $HOME_NET any -> [70.51.134.168] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.134.168/; sid:900608480; rev:1;)
alert tcp $HOME_NET any -> [94.59.56.162] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/94.59.56.162/; sid:900608481; rev:1;) alert tcp $HOME_NET any -> [176.104.106.96] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.104.106.96/; sid:900608482; rev:1;) alert tcp $HOME_NET any -> [46.198.215.60] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.198.215.60/; sid:900608483; rev:1;) alert tcp $HOME_NET any -> [187.251.132.155] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.251.132.155/; sid:900608484; rev:1;) alert tcp $HOME_NET any -> [201.211.64.196] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.211.64.196/; sid:900608485; rev:1;) alert tcp $HOME_NET any -> [190.252.242.69] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.252.242.69/; sid:900608486; rev:1;) alert tcp $HOME_NET any -> [39.33.197.68] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.33.197.68/; sid:900608487; rev:1;) alert tcp $HOME_NET any -> [187.208.97.145] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/187.208.97.145/; sid:900608488; rev:1;) alert tcp $HOME_NET any -> [64.121.162.220] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.121.162.220/; sid:900608489; rev:1;) alert tcp $HOME_NET any -> [138.197.109.175] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.109.175/; sid:900608490; rev:1;) alert tcp $HOME_NET any -> [45.176.232.125] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.176.232.125/; sid:900608491; rev:1;) alert tcp $HOME_NET any -> [187.84.80.182] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.84.80.182/; sid:900608492; rev:1;) alert tcp $HOME_NET any -> [109.160.96.230] 4143 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.160.96.230/; sid:900608493; rev:1;) alert tcp $HOME_NET any -> [1.161.75.18] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.75.18/; sid:900608494; rev:1;) alert tcp $HOME_NET any -> [1.161.75.18] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/1.161.75.18/; sid:900608495; rev:1;) alert tcp $HOME_NET any -> [83.110.157.57] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.157.57/; sid:900608496; rev:1;) alert tcp $HOME_NET any -> [195.32.32.122] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.32.32.122/; sid:900608497; rev:1;) alert tcp $HOME_NET any -> [209.197.176.40] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.197.176.40/; sid:900608498; rev:1;) alert tcp $HOME_NET any -> [41.84.239.89] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.239.89/; sid:900608499; rev:1;) alert tcp $HOME_NET any -> [101.255.82.164] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.255.82.164/; sid:900608500; rev:1;) alert tcp $HOME_NET any -> [32.221.224.140] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.221.224.140/; sid:900608501; rev:1;) alert tcp $HOME_NET any -> [125.24.101.65] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/125.24.101.65/; sid:900608502; rev:1;) alert tcp $HOME_NET any -> [85.246.82.244] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.246.82.244/; sid:900608503; rev:1;) alert tcp $HOME_NET any -> [187.250.114.15] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.250.114.15/; sid:900608504; rev:1;) alert tcp $HOME_NET any -> [189.146.126.190] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.126.190/; sid:900608505; rev:1;) alert tcp $HOME_NET any -> [104.131.11.205] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.11.205/; sid:900608506; rev:1;) alert tcp $HOME_NET any -> [167.99.127.67] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.99.127.67/; sid:900608507; rev:1;) alert tcp $HOME_NET any -> [180.183.128.80] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.183.128.80/; sid:900608508; rev:1;) alert tcp $HOME_NET any -> [102.140.71.10] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/102.140.71.10/; sid:900608509; rev:1;) alert tcp $HOME_NET any -> [217.164.117.187] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.117.187/; sid:900608510; rev:1;) alert tcp $HOME_NET any -> [78.100.225.12] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.225.12/; sid:900608511; rev:1;) alert tcp $HOME_NET any -> [217.164.117.187] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.117.187/; sid:900608512; rev:1;) alert tcp $HOME_NET any -> [86.220.98.71] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.220.98.71/; sid:900608513; rev:1;) alert tcp $HOME_NET any -> [39.49.46.114] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.46.114/; sid:900608514; rev:1;) alert tcp $HOME_NET any -> [181.62.0.59] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.62.0.59/; sid:900608515; rev:1;) alert tcp $HOME_NET any -> [81.60.217.218] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/81.60.217.218/; sid:900608516; rev:1;) alert tcp $HOME_NET any -> [191.112.12.240] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.112.12.240/; sid:900608517; rev:1;) alert tcp $HOME_NET any -> [201.145.189.252] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.145.189.252/; sid:900608519; rev:1;) alert tcp $HOME_NET any -> [102.159.151.222] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.159.151.222/; sid:900608520; rev:1;) alert tcp $HOME_NET any -> [68.183.94.239] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.94.239/; sid:900608521; rev:1;) alert tcp $HOME_NET any -> [189.176.231.229] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.176.231.229/; sid:900608522; rev:1;) alert tcp $HOME_NET any -> [58.105.167.36] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.105.167.36/; sid:900608523; rev:1;) alert tcp $HOME_NET any -> [201.103.199.197] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/201.103.199.197/; sid:900608524; rev:1;) alert tcp $HOME_NET any -> [103.107.113.120] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.107.113.120/; sid:900608525; rev:1;) alert tcp $HOME_NET any -> [86.98.157.14] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.157.14/; sid:900608526; rev:1;) alert tcp $HOME_NET any -> [41.84.233.53] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.233.53/; sid:900608527; rev:1;) alert tcp $HOME_NET any -> [189.115.16.78] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.115.16.78/; sid:900608528; rev:1;) alert tcp $HOME_NET any -> [96.29.208.97] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.29.208.97/; sid:900608529; rev:1;) alert tcp $HOME_NET any -> [46.107.48.202] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.107.48.202/; sid:900608530; rev:1;) alert tcp $HOME_NET any -> [105.226.83.196] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/105.226.83.196/; sid:900608531; rev:1;) alert tcp $HOME_NET any -> [2.50.22.45] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.22.45/; sid:900608532; rev:1;) alert tcp $HOME_NET any -> [78.167.216.171] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.167.216.171/; sid:900608533; rev:1;) alert tcp $HOME_NET any -> [187.207.7.231] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.7.231/; sid:900608534; rev:1;) alert tcp $HOME_NET any -> [217.165.109.212] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.109.212/; sid:900608535; rev:1;) alert tcp $HOME_NET any -> [191.251.191.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.251.191.31/; sid:900608536; rev:1;) alert tcp $HOME_NET any -> [125.24.107.95] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.24.107.95/; sid:900608537; rev:1;) alert tcp $HOME_NET any -> [2.50.137.197] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/2.50.137.197/; sid:900608538; rev:1;) alert tcp $HOME_NET any -> [45.241.145.252] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.145.252/; sid:900608539; rev:1;) alert tcp $HOME_NET any -> [41.38.167.179] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.38.167.179/; sid:900608540; rev:1;) alert tcp $HOME_NET any -> [81.60.218.17] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.60.218.17/; sid:900608541; rev:1;) alert tcp $HOME_NET any -> [83.110.75.97] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.75.97/; sid:900608542; rev:1;) alert tcp $HOME_NET any -> [88.235.143.36] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.235.143.36/; sid:900608543; rev:1;) alert tcp $HOME_NET any -> [78.100.227.177] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.227.177/; sid:900608544; rev:1;) alert tcp $HOME_NET any -> [78.101.150.251] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/78.101.150.251/; sid:900608545; rev:1;) alert tcp $HOME_NET any -> [109.228.220.196] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.228.220.196/; sid:900608546; rev:1;) alert tcp $HOME_NET any -> [92.96.182.192] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.96.182.192/; sid:900608547; rev:1;) alert tcp $HOME_NET any -> [92.96.182.192] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.96.182.192/; sid:900608548; rev:1;) alert tcp $HOME_NET any -> [37.34.253.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.34.253.233/; sid:900608549; rev:1;) alert tcp $HOME_NET any -> [102.182.232.3] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.182.232.3/; sid:900608550; rev:1;) alert tcp $HOME_NET any -> [144.136.35.102] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.136.35.102/; sid:900608551; rev:1;) alert tcp $HOME_NET any -> [39.41.173.204] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/39.41.173.204/; sid:900608552; rev:1;) alert tcp $HOME_NET any -> [197.162.118.178] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.162.118.178/; sid:900608553; rev:1;) alert tcp $HOME_NET any -> [176.205.119.81] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.205.119.81/; sid:900608554; rev:1;) alert tcp $HOME_NET any -> [217.182.78.224] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.182.78.224/; sid:900608555; rev:1;) alert tcp $HOME_NET any -> [149.56.131.28] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.56.131.28/; sid:900608556; rev:1;) alert tcp $HOME_NET any -> [37.210.238.79] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.238.79/; sid:900608559; rev:1;) alert tcp $HOME_NET any -> [181.118.183.98] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.98/; sid:900608560; rev:1;) alert tcp $HOME_NET any -> [81.215.196.174] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/81.215.196.174/; sid:900608561; rev:1;) alert tcp $HOME_NET any -> [187.207.48.194] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.48.194/; sid:900608562; rev:1;) alert tcp $HOME_NET any -> [78.161.215.162] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.161.215.162/; sid:900608563; rev:1;) alert tcp $HOME_NET any -> [102.140.71.72] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.140.71.72/; sid:900608564; rev:1;) alert tcp $HOME_NET any -> [39.49.81.128] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.81.128/; sid:900608565; rev:1;) alert tcp $HOME_NET any -> [92.154.9.41] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.154.9.41/; sid:900608566; rev:1;) alert tcp $HOME_NET any -> [181.208.248.227] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.208.248.227/; sid:900608567; rev:1;) alert tcp $HOME_NET any -> [89.211.187.3] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/89.211.187.3/; sid:900608568; rev:1;) alert tcp $HOME_NET any -> [103.139.243.207] 990 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.139.243.207/; sid:900608569; rev:1;) alert tcp $HOME_NET any -> [31.48.166.122] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.48.166.122/; sid:900608570; rev:1;) alert tcp $HOME_NET any -> [197.87.144.193] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.87.144.193/; sid:900608571; rev:1;) alert tcp $HOME_NET any -> [1.161.121.58] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.121.58/; sid:900608572; rev:1;) alert tcp $HOME_NET any -> [191.17.223.93] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.17.223.93/; sid:900608573; rev:1;) alert tcp $HOME_NET any -> [120.61.1.185] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.61.1.185/; sid:900608574; rev:1;) alert tcp $HOME_NET any -> [189.178.44.144] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/189.178.44.144/; sid:900608575; rev:1;)
# Reading these signatures: every rule in this run matches on the TCP header only -
# traffic from $HOME_NET, any source port, to one listed IPv4 address and port. No rule
# here carries a flow, content or TLS keyword, so an alert records that an internal host
# sent a packet towards that address:port; on its own it does not show that a session
# was established or that malware protocol traffic was exchanged.
# threshold (type limit, track by_src, seconds 60, count 1) caps each rule at one alert
# per source address per 60 seconds, so alert counts understate connection volume.
# Many destinations use shared service ports (443, 993, 995, 22), and the feed header
# labels this the aggressive list (last updated 2024-08-23); presumably it includes
# addresses that no longer serve as C2 - check the per-host reference URL and corroborate
# with endpoint, TLS or DNS telemetry before treating a hit as a confirmed infection.
# An address listed with several ports gets one sid per port (e.g. 94.59.138.62 on
# 2222 and 1194), so group alerts by destination IP when triaging.
# The action is alert, not drop: these rules detect and do not block.
alert tcp $HOME_NET any -> [140.0.161.213] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/140.0.161.213/; sid:900608576; rev:1;)
alert tcp $HOME_NET any -> [191.112.29.181] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.112.29.181/; sid:900608577; rev:1;)
alert tcp $HOME_NET any -> [31.215.185.114] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.185.114/; sid:900608578; rev:1;)
alert tcp $HOME_NET any -> [119.158.126.69] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.158.126.69/; sid:900608579; rev:1;)
alert tcp $HOME_NET any -> [1.161.121.58] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.121.58/; sid:900608580; rev:1;)
alert tcp $HOME_NET any -> [86.98.156.250] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.156.250/; sid:900608581; rev:1;)
alert tcp $HOME_NET any -> [45.241.214.192] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.214.192/; sid:900608582; rev:1;)
alert tcp $HOME_NET any -> [42.235.146.7] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.235.146.7/; sid:900608583; rev:1;)
alert tcp $HOME_NET any -> [113.11.89.165] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.11.89.165/; sid:900608584; rev:1;)
alert tcp $HOME_NET any -> [94.59.57.24] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.57.24/; sid:900608585; rev:1;)
alert tcp $HOME_NET any -> [94.36.195.250] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.36.195.250/; sid:900608586; rev:1;)
alert tcp $HOME_NET any -> [94.59.138.62] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.138.62/; sid:900608591; rev:1;)
alert tcp $HOME_NET any -> [92.132.172.197] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.132.172.197/; sid:900608592; rev:1;)
alert tcp $HOME_NET any -> [94.59.138.62] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.138.62/; sid:900608593; rev:1;)
alert tcp $HOME_NET any -> [89.211.181.64] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.181.64/; sid:900608594; rev:1;)
alert tcp $HOME_NET any -> [37.186.54.254] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.186.54.254/; sid:900608595; rev:1;)
alert tcp $HOME_NET any -> [70.51.138.126] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.138.126/; sid:900608596; rev:1;)
alert tcp $HOME_NET any -> [187.251.132.144] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.251.132.144/; sid:900608597; rev:1;)
alert tcp $HOME_NET any -> [78.87.206.213] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.87.206.213/; sid:900608598; rev:1;)
alert tcp $HOME_NET any -> [186.105.121.166] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.105.121.166/; sid:900608599; rev:1;)
alert tcp $HOME_NET any -> [103.246.242.202] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.246.242.202/; sid:900608600; rev:1;)
alert tcp $HOME_NET any -> [86.97.11.43] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.11.43/; sid:900608601; rev:1;)
alert tcp $HOME_NET any -> [217.164.210.192] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.210.192/; sid:900608602; rev:1;)
alert tcp $HOME_NET any -> [121.74.167.191] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.74.167.191/; sid:900608603; rev:1;)
alert tcp $HOME_NET any -> [125.168.47.127] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.168.47.127/; sid:900608604; rev:1;)
alert tcp $HOME_NET any -> [1.161.71.109] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.71.109/; sid:900608605; rev:1;)
alert tcp $HOME_NET any -> [180.129.102.214] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.129.102.214/; sid:900608606; rev:1;)
alert tcp $HOME_NET any -> [217.165.147.83] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.147.83/; sid:900608607; rev:1;)
alert tcp $HOME_NET any -> [197.167.62.14] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.167.62.14/; sid:900608608; rev:1;)
alert tcp $HOME_NET any -> [1.161.71.109] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.71.109/; sid:900608609; rev:1;)
alert tcp $HOME_NET any -> [187.59.23.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.59.23.53/; sid:900608610; rev:1;)
alert tcp $HOME_NET any -> [186.64.67.38] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.38/; sid:900608611; rev:1;)
alert tcp $HOME_NET any -> [191.17.223.222] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.17.223.222/; sid:900608612; rev:1;)
alert tcp $HOME_NET any -> [83.110.75.225] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.75.225/; sid:900608613; rev:1;)
alert tcp $HOME_NET any -> [86.97.247.20] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.247.20/; sid:900608614; rev:1;)
alert tcp $HOME_NET any -> [37.210.164.171] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.164.171/; sid:900608615; rev:1;)
alert tcp $HOME_NET any -> [177.158.7.155] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.158.7.155/; sid:900608616; rev:1;)
alert tcp $HOME_NET any -> [187.172.232.250] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.172.232.250/; sid:900608617; rev:1;)
alert tcp $HOME_NET any -> [86.97.247.20] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.247.20/; sid:900608618; rev:1;)
alert tcp $HOME_NET any -> [201.124.1.172] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.124.1.172/; sid:900608619; rev:1;)
alert tcp $HOME_NET any -> [103.133.11.10] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.133.11.10/; sid:900608620; rev:1;)
alert tcp $HOME_NET any -> [187.207.47.198] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.47.198/; sid:900608621; rev:1;)
alert tcp $HOME_NET any -> [78.100.206.189] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.206.189/; sid:900608622; rev:1;)
alert tcp $HOME_NET any -> [78.101.88.134] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.88.134/; sid:900608623; rev:1;)
alert tcp $HOME_NET any -> [116.30.6.16] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.30.6.16/; sid:900608624; rev:1;)
alert tcp $HOME_NET any -> [217.164.117.22] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.117.22/; sid:900608625; rev:1;)
alert tcp $HOME_NET any -> [72.27.15.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.27.15.168/; sid:900608626; rev:1;)
alert tcp $HOME_NET any -> [70.51.152.186] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.152.186/; sid:900608627; rev:1;)
alert tcp $HOME_NET any -> [2.50.4.57] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.4.57/; sid:900608628; rev:1;)
alert tcp $HOME_NET any -> [217.164.117.22] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.117.22/; sid:900608629; rev:1;)
alert tcp $HOME_NET any -> [177.62.254.60] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.62.254.60/; sid:900608630; rev:1;)
alert tcp $HOME_NET any -> [5.54.50.169] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.54.50.169/; sid:900608631; rev:1;)
alert tcp $HOME_NET any -> [201.145.179.247] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.145.179.247/; sid:900608632; rev:1;)
alert tcp $HOME_NET any -> [191.112.20.100] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.112.20.100/; sid:900608633; rev:1;)
alert tcp $HOME_NET any -> [1.161.116.40] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.116.40/; sid:900608634; rev:1;)
alert tcp $HOME_NET any -> [39.52.31.233] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.52.31.233/; sid:900608635; rev:1;)
alert tcp $HOME_NET any -> [86.98.78.51] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.78.51/; sid:900608636; rev:1;)
alert tcp $HOME_NET any -> [1.161.116.40] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.116.40/; sid:900608637; rev:1;)
alert tcp $HOME_NET any -> [217.164.76.203] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.76.203/; sid:900608638; rev:1;)
alert tcp $HOME_NET any -> [182.121.68.188] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.121.68.188/; sid:900608639; rev:1;)
alert tcp $HOME_NET any -> [85.104.122.231] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.122.231/; sid:900608640; rev:1;)
alert tcp $HOME_NET any -> [83.110.91.58] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.91.58/; sid:900608641; rev:1;)
alert tcp $HOME_NET any -> [41.129.82.125] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.129.82.125/; sid:900608642; rev:1;)
alert tcp $HOME_NET any -> [180.183.97.165] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.183.97.165/; sid:900608643; rev:1;)
alert tcp $HOME_NET any -> [94.23.45.86] 4143 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.45.86/; sid:900608644; rev:1;)
alert tcp $HOME_NET any -> [104.131.62.48] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.62.48/; sid:900608645; rev:1;)
alert tcp $HOME_NET any -> [85.101.204.178] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.101.204.178/; sid:900608646; rev:1;)
alert tcp $HOME_NET any -> [179.174.52.27] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.174.52.27/; sid:900608647; rev:1;)
alert tcp $HOME_NET any -> [116.30.5.32] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.30.5.32/; sid:900608648; rev:1;)
alert tcp $HOME_NET any -> [78.100.192.210] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.192.210/; sid:900608649; rev:1;)
alert tcp $HOME_NET any -> [78.100.234.143] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.234.143/; sid:900608650; rev:1;)
alert tcp $HOME_NET any -> [72.12.115.71] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.12.115.71/; sid:900608651; rev:1;)
alert tcp $HOME_NET any -> [62.75.251.60] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.251.60/; sid:900608652; rev:1;)
alert tcp $HOME_NET any -> [93.104.209.56] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.104.209.56/; sid:900608653; rev:1;)
alert tcp $HOME_NET any -> [103.85.160.5] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.85.160.5/; sid:900608654; rev:1;)
alert tcp $HOME_NET any -> [131.100.24.199] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.199/; sid:900608655; rev:1;)
alert tcp $HOME_NET any -> [49.231.16.102] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.231.16.102/; sid:900608656; rev:1;)
alert tcp $HOME_NET any -> [176.205.23.170] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.205.23.170/; sid:900608657; rev:1;)
alert tcp $HOME_NET any -> [176.205.23.170] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.205.23.170/; sid:900608658; rev:1;)
alert tcp $HOME_NET any -> [47.110.149.223] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.110.149.223/; sid:900608659; rev:1;)
alert tcp $HOME_NET any -> [114.79.130.68] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.130.68/; sid:900608660; rev:1;)
alert tcp $HOME_NET any -> [103.30.145.119] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.30.145.119/; sid:900608661; rev:1;)
alert tcp $HOME_NET any -> [138.197.147.101] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.147.101/; sid:900608662; rev:1;)
alert tcp $HOME_NET any -> [134.195.212.50] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.195.212.50/; sid:900608663; rev:1;)
alert tcp $HOME_NET any -> [104.168.154.79] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.154.79/; sid:900608664; rev:1;)
alert tcp $HOME_NET any -> [121.7.223.59] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.7.223.59/; sid:900608665; rev:1;)
alert tcp $HOME_NET any -> [1.161.67.235] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.67.235/; sid:900608666; rev:1;)
alert tcp $HOME_NET any -> [86.98.156.198] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.156.198/; sid:900608667; rev:1;)
alert tcp $HOME_NET any -> [1.161.67.235] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.67.235/; sid:900608668; rev:1;)
alert tcp $HOME_NET any -> [189.146.73.62] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.73.62/; sid:900608669; rev:1;)
alert tcp $HOME_NET any -> [78.101.82.40] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.82.40/; sid:900608670; rev:1;)
alert tcp $HOME_NET any -> [31.215.185.49] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.185.49/; sid:900608671; rev:1;)
alert tcp $HOME_NET any -> [31.215.185.49] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.185.49/; sid:900608672; rev:1;)
alert tcp $HOME_NET any -> [46.198.215.152] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.198.215.152/; sid:900608673; rev:1;)
alert tcp $HOME_NET any -> [189.27.113.73] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.27.113.73/; sid:900608674; rev:1;)
alert tcp $HOME_NET any -> [201.13.50.41] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.13.50.41/; sid:900608675; rev:1;)
alert tcp $HOME_NET any -> [201.22.97.225] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.22.97.225/; sid:900608676; rev:1;)
alert tcp $HOME_NET any -> [186.105.103.240] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.105.103.240/; sid:900608677; rev:1;)
alert tcp $HOME_NET any -> [177.205.6.251] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.205.6.251/; sid:900608678; rev:1;)
alert tcp $HOME_NET any -> [142.184.161.168] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.184.161.168/; sid:900608679; rev:1;)
alert tcp $HOME_NET any -> [180.183.134.56] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.183.134.56/; sid:900608680; rev:1;)
alert tcp $HOME_NET any -> [115.50.75.208] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.50.75.208/; sid:900608681; rev:1;)
alert tcp $HOME_NET any -> [197.167.63.31] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.167.63.31/; sid:900608682; rev:1;)
alert tcp $HOME_NET any -> [68.183.91.111] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.91.111/; sid:900608683; rev:1;)
alert tcp $HOME_NET any -> [164.52.194.45] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.52.194.45/; sid:900608684; rev:1;)
alert tcp $HOME_NET any -> [138.201.142.73] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.201.142.73/; sid:900608685; rev:1;)
alert tcp $HOME_NET any -> [37.210.160.58] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.160.58/; sid:900608686; rev:1;)
alert tcp $HOME_NET any -> [70.51.153.189] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.153.189/; sid:900608687; rev:1;)
alert tcp $HOME_NET any -> [72.252.157.172] 990 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.157.172/; sid:900608688; rev:1;)
alert tcp $HOME_NET any -> [217.160.107.189] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.107.189/; sid:900608689; rev:1;)
alert tcp $HOME_NET any -> [119.59.98.59] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.59.98.59/; sid:900608690; rev:1;)
alert tcp $HOME_NET any -> [68.183.84.74] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.84.74/; sid:900608691; rev:1;)
alert tcp $HOME_NET any -> [197.164.175.205] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.164.175.205/; sid:900608692; rev:1;)
alert tcp $HOME_NET any -> [85.97.79.239] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.97.79.239/; sid:900608693; rev:1;)
alert tcp $HOME_NET any -> [41.84.248.41] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.248.41/; sid:900608694; rev:1;)
alert tcp $HOME_NET any -> [31.215.214.189] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.214.189/; sid:900608695; rev:1;)
alert tcp $HOME_NET any -> [174.95.174.163] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.95.174.163/; sid:900608696; rev:1;)
alert tcp $HOME_NET any -> [201.172.23.68] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.172.23.68/; sid:900608697; rev:1;)
alert tcp $HOME_NET any -> [189.253.162.110] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.162.110/; sid:900608698; rev:1;)
alert tcp $HOME_NET any -> [140.0.79.30] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/140.0.79.30/; sid:900608699; rev:1;)
alert tcp $HOME_NET any -> [72.252.157.172] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.157.172/; sid:900608700; rev:1;)
alert tcp $HOME_NET any -> [31.215.214.189] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.214.189/; sid:900608701; rev:1;)
alert tcp $HOME_NET any -> [1.161.126.64] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.126.64/; sid:900608702; rev:1;)
alert tcp $HOME_NET any -> [1.161.126.64] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.126.64/; sid:900608703; rev:1;)
alert tcp $HOME_NET any -> [83.110.93.205] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.93.205/; sid:900608704; rev:1;)
alert tcp $HOME_NET any -> [39.49.94.35] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.94.35/; sid:900608705; rev:1;)
alert tcp $HOME_NET any -> [139.59.44.48] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.44.48/; sid:900608706; rev:1;)
alert tcp $HOME_NET any -> [74.14.7.71] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.14.7.71/; sid:900608707; rev:1;)
alert tcp $HOME_NET any -> [167.86.191.84] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.86.191.84/; sid:900608708; rev:1;)
alert tcp $HOME_NET any -> [85.96.46.255] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.96.46.255/; sid:900608709; rev:1;)
alert tcp $HOME_NET any -> [102.65.38.74] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.65.38.74/; sid:900608710; rev:1;)
alert tcp $HOME_NET any -> [187.58.79.229] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.58.79.229/; sid:900608711; rev:1;)
alert tcp $HOME_NET any -> [148.0.57.85] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.0.57.85/; sid:900608712; rev:1;)
alert tcp $HOME_NET any -> [197.89.17.104] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.17.104/; sid:900608713; rev:1;)
alert tcp $HOME_NET any -> [104.34.212.7] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.34.212.7/; sid:900608714; rev:1;)
alert tcp $HOME_NET any -> [190.74.239.37] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.74.239.37/; sid:900608715; rev:1;)
alert tcp $HOME_NET any -> [179.99.49.37] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.99.49.37/; sid:900608716; rev:1;)
alert tcp $HOME_NET any -> [101.51.79.185] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.51.79.185/; sid:900608717; rev:1;)
alert tcp $HOME_NET any -> [70.51.153.227] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.153.227/; sid:900608718; rev:1;)
alert tcp $HOME_NET any -> [81.155.87.247] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.155.87.247/; sid:900608719; rev:1;)
alert tcp $HOME_NET any -> [187.208.137.144] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.208.137.144/; sid:900608720; rev:1;)
alert tcp $HOME_NET any -> [31.215.184.145] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.184.145/; sid:900608721; rev:1;)
alert tcp $HOME_NET any -> [31.215.71.174] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.71.174/; sid:900608722; rev:1;)
alert tcp $HOME_NET any -> [176.31.73.90] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.31.73.90/; sid:900608723; rev:1;)
alert tcp $HOME_NET any -> [45.76.159.214] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.159.214/; sid:900608724; rev:1;)
alert tcp $HOME_NET any -> [180.129.20.164] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.129.20.164/; sid:900608725; rev:1;)
alert tcp $HOME_NET any -> [183.88.61.229] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/183.88.61.229/; sid:900608726; rev:1;) alert tcp $HOME_NET any -> [118.161.9.45] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.161.9.45/; sid:900608727; rev:1;) alert tcp $HOME_NET any -> [98.22.246.169] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.22.246.169/; sid:900608728; rev:1;) alert tcp $HOME_NET any -> [118.161.9.45] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.161.9.45/; sid:900608729; rev:1;) alert tcp $HOME_NET any -> [86.98.78.42] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.78.42/; sid:900608730; rev:1;) alert tcp $HOME_NET any -> [39.44.144.64] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.144.64/; sid:900608731; rev:1;) alert tcp $HOME_NET any -> [45.241.170.130] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.170.130/; sid:900608732; rev:1;) alert tcp $HOME_NET any -> [85.214.93.93] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/85.214.93.93/; sid:900608733; rev:1;) alert tcp $HOME_NET any -> [178.62.112.199] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.62.112.199/; sid:900608734; rev:1;) alert tcp $HOME_NET any -> [45.241.145.100] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.145.100/; sid:900608735; rev:1;) alert tcp $HOME_NET any -> [85.96.45.51] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.96.45.51/; sid:900608736; rev:1;) alert tcp $HOME_NET any -> [165.22.211.113] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.22.211.113/; sid:900608737; rev:1;) alert tcp $HOME_NET any -> [139.59.60.88] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.60.88/; sid:900608738; rev:1;) alert tcp $HOME_NET any -> [96.125.171.165] 4143 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.125.171.165/; sid:900608739; rev:1;) alert tcp $HOME_NET any -> [178.128.82.218] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/178.128.82.218/; sid:900608740; rev:1;) alert tcp $HOME_NET any -> [103.221.221.164] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.221.221.164/; sid:900608741; rev:1;) alert tcp $HOME_NET any -> [46.176.222.34] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.176.222.34/; sid:900608742; rev:1;) alert tcp $HOME_NET any -> [39.57.23.116] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.57.23.116/; sid:900608743; rev:1;) alert tcp $HOME_NET any -> [41.84.241.23] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.241.23/; sid:900608744; rev:1;) alert tcp $HOME_NET any -> [185.249.85.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.249.85.175/; sid:900608745; rev:1;) alert tcp $HOME_NET any -> [113.89.5.252] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.89.5.252/; sid:900608746; rev:1;) alert tcp $HOME_NET any -> [78.180.88.120] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/78.180.88.120/; sid:900608747; rev:1;) alert tcp $HOME_NET any -> [197.89.108.36] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.108.36/; sid:900608748; rev:1;) alert tcp $HOME_NET any -> [94.59.56.46] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.56.46/; sid:900608749; rev:1;) alert tcp $HOME_NET any -> [191.112.14.1] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.112.14.1/; sid:900608750; rev:1;) alert tcp $HOME_NET any -> [94.59.56.46] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.56.46/; sid:900608751; rev:1;) alert tcp $HOME_NET any -> [1.161.104.149] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.104.149/; sid:900608752; rev:1;) alert tcp $HOME_NET any -> [1.161.104.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.104.149/; sid:900608753; rev:1;) alert tcp $HOME_NET any -> [83.110.218.155] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/83.110.218.155/; sid:900608754; rev:1;) alert tcp $HOME_NET any -> [83.79.122.192] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.79.122.192/; sid:900608755; rev:1;) alert tcp $HOME_NET any -> [86.132.13.91] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.132.13.91/; sid:900608756; rev:1;) alert tcp $HOME_NET any -> [187.172.170.129] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.172.170.129/; sid:900608757; rev:1;) alert tcp $HOME_NET any -> [187.114.156.142] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.114.156.142/; sid:900608758; rev:1;) alert tcp $HOME_NET any -> [186.64.67.8] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.8/; sid:900608759; rev:1;) alert tcp $HOME_NET any -> [39.33.211.246] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.33.211.246/; sid:900608760; rev:1;) alert tcp $HOME_NET any -> [189.146.78.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/189.146.78.175/; sid:900608761; rev:1;) alert tcp $HOME_NET any -> [103.139.243.207] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.139.243.207/; sid:900608762; rev:1;) alert tcp $HOME_NET any -> [217.164.117.87] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.117.87/; sid:900608763; rev:1;) alert tcp $HOME_NET any -> [184.100.157.205] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.100.157.205/; sid:900608764; rev:1;) alert tcp $HOME_NET any -> [197.94.84.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.94.84.67/; sid:900608765; rev:1;) alert tcp $HOME_NET any -> [194.36.28.102] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.28.102/; sid:900608766; rev:1;) alert tcp $HOME_NET any -> [179.179.162.9] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.179.162.9/; sid:900608767; rev:1;) alert tcp $HOME_NET any -> [141.237.86.114] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/141.237.86.114/; sid:900608768; rev:1;) alert tcp $HOME_NET any -> [94.36.195.102] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.36.195.102/; sid:900608769; rev:1;) alert tcp $HOME_NET any -> [217.118.46.41] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.118.46.41/; sid:900608770; rev:1;) alert tcp $HOME_NET any -> [177.102.2.175] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.102.2.175/; sid:900608771; rev:1;) alert tcp $HOME_NET any -> [39.33.170.57] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.33.170.57/; sid:900608772; rev:1;) alert tcp $HOME_NET any -> [187.102.135.141] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.102.135.141/; sid:900608773; rev:1;) alert tcp $HOME_NET any -> [70.51.152.61] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.152.61/; sid:900608774; rev:1;) alert tcp $HOME_NET any -> [187.208.0.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/187.208.0.99/; sid:900608775; rev:1;) alert tcp $HOME_NET any -> [201.142.133.198] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.142.133.198/; sid:900608776; rev:1;) alert tcp $HOME_NET any -> [118.161.34.21] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.161.34.21/; sid:900608777; rev:1;) alert tcp $HOME_NET any -> [89.211.182.31] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.182.31/; sid:900608779; rev:1;) alert tcp $HOME_NET any -> [88.228.251.169] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.228.251.169/; sid:900608780; rev:1;) alert tcp $HOME_NET any -> [217.165.84.177] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.84.177/; sid:900608781; rev:1;) alert tcp $HOME_NET any -> [39.57.56.19] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.57.56.19/; sid:900608782; rev:1;) alert tcp $HOME_NET any -> [83.110.89.191] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/83.110.89.191/; sid:900608785; rev:1;) alert tcp $HOME_NET any -> [197.89.6.37] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.6.37/; sid:900608786; rev:1;) alert tcp $HOME_NET any -> [188.50.241.63] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.50.241.63/; sid:900608787; rev:1;) alert tcp $HOME_NET any -> [78.100.197.230] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.197.230/; sid:900608788; rev:1;) alert tcp $HOME_NET any -> [86.98.78.177] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.78.177/; sid:900608789; rev:1;) alert tcp $HOME_NET any -> [197.162.117.38] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.162.117.38/; sid:900608790; rev:1;) alert tcp $HOME_NET any -> [185.249.85.200] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.249.85.200/; sid:900608791; rev:1;) alert tcp $HOME_NET any -> [186.90.153.162] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/186.90.153.162/; sid:900608792; rev:1;) alert tcp $HOME_NET any -> [101.51.76.46] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.51.76.46/; sid:900608793; rev:1;) alert tcp $HOME_NET any -> [45.241.145.155] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.145.155/; sid:900608794; rev:1;) alert tcp $HOME_NET any -> [78.100.235.8] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.235.8/; sid:900608795; rev:1;) alert tcp $HOME_NET any -> [201.42.3.27] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.42.3.27/; sid:900608796; rev:1;) alert tcp $HOME_NET any -> [124.40.244.118] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.40.244.118/; sid:900608797; rev:1;) alert tcp $HOME_NET any -> [86.97.246.216] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.246.216/; sid:900608798; rev:1;) alert tcp $HOME_NET any -> [201.1.202.82] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/201.1.202.82/; sid:900608799; rev:1;) alert tcp $HOME_NET any -> [189.26.55.114] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.26.55.114/; sid:900608800; rev:1;) alert tcp $HOME_NET any -> [191.251.134.129] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.251.134.129/; sid:900608801; rev:1;) alert tcp $HOME_NET any -> [86.97.8.200] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.8.200/; sid:900608802; rev:1;) alert tcp $HOME_NET any -> [70.51.137.64] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.137.64/; sid:900608803; rev:1;) alert tcp $HOME_NET any -> [103.107.113.84] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.107.113.84/; sid:900608804; rev:1;) alert tcp $HOME_NET any -> [187.172.191.97] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.172.191.97/; sid:900608805; rev:1;) alert tcp $HOME_NET any -> [173.22.32.101] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/173.22.32.101/; sid:900608806; rev:1;) alert tcp $HOME_NET any -> [46.103.186.43] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.103.186.43/; sid:900608807; rev:1;) alert tcp $HOME_NET any -> [63.142.250.212] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.142.250.212/; sid:900608808; rev:1;) alert tcp $HOME_NET any -> [150.95.66.124] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.95.66.124/; sid:900608809; rev:1;) alert tcp $HOME_NET any -> [189.146.87.77] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.87.77/; sid:900608810; rev:1;) alert tcp $HOME_NET any -> [39.44.86.21] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.86.21/; sid:900608811; rev:1;) alert tcp $HOME_NET any -> [86.190.159.132] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.190.159.132/; sid:900608812; rev:1;) alert tcp $HOME_NET any -> [23.239.0.12] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/23.239.0.12/; sid:900608813; rev:1;) alert tcp $HOME_NET any -> [187.207.131.50] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.131.50/; sid:900608814; rev:1;) alert tcp $HOME_NET any -> [217.164.119.236] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.119.236/; sid:900608815; rev:1;) alert tcp $HOME_NET any -> [37.210.156.191] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.156.191/; sid:900608816; rev:1;) alert tcp $HOME_NET any -> [102.65.16.245] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.65.16.245/; sid:900608817; rev:1;) alert tcp $HOME_NET any -> [85.107.161.25] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.107.161.25/; sid:900608818; rev:1;) alert tcp $HOME_NET any -> [176.45.216.134] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.45.216.134/; sid:900608819; rev:1;) alert tcp $HOME_NET any -> [217.164.119.236] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/217.164.119.236/; sid:900608820; rev:1;) alert tcp $HOME_NET any -> [39.49.48.82] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.48.82/; sid:900608821; rev:1;) alert tcp $HOME_NET any -> [187.208.122.239] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.208.122.239/; sid:900608822; rev:1;) alert tcp $HOME_NET any -> [186.105.98.35] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.105.98.35/; sid:900608823; rev:1;) alert tcp $HOME_NET any -> [158.69.222.101] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.69.222.101/; sid:900608824; rev:1;) alert tcp $HOME_NET any -> [1.161.66.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.66.82/; sid:900608825; rev:1;) alert tcp $HOME_NET any -> [31.215.102.193] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.102.193/; sid:900608826; rev:1;) alert tcp $HOME_NET any -> [39.44.66.76] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/39.44.66.76/; sid:900608827; rev:1;) alert tcp $HOME_NET any -> [104.248.225.227] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.248.225.227/; sid:900608828; rev:1;) alert tcp $HOME_NET any -> [188.225.32.231] 4143 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.225.32.231/; sid:900608829; rev:1;) alert tcp $HOME_NET any -> [39.44.178.7] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.178.7/; sid:900608830; rev:1;) alert tcp $HOME_NET any -> [81.129.112.49] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.129.112.49/; sid:900608831; rev:1;) alert tcp $HOME_NET any -> [146.66.139.14] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.66.139.14/; sid:900608832; rev:1;) alert tcp $HOME_NET any -> [197.89.17.146] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.17.146/; sid:900608833; rev:1;) alert tcp $HOME_NET any -> [217.165.147.77] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/217.165.147.77/; sid:900608834; rev:1;) alert tcp $HOME_NET any -> [186.90.13.85] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.90.13.85/; sid:900608835; rev:1;) alert tcp $HOME_NET any -> [78.183.159.152] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.183.159.152/; sid:900608837; rev:1;) alert tcp $HOME_NET any -> [47.157.227.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.157.227.70/; sid:900608838; rev:1;) alert tcp $HOME_NET any -> [1.234.21.73] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.234.21.73/; sid:900608839; rev:1;) alert tcp $HOME_NET any -> [103.224.242.13] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.224.242.13/; sid:900608840; rev:1;) alert tcp $HOME_NET any -> [45.226.53.34] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.226.53.34/; sid:900608841; rev:1;) alert tcp $HOME_NET any -> [37.208.145.168] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/37.208.145.168/; sid:900608843; rev:1;) alert tcp $HOME_NET any -> [39.49.31.161] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.31.161/; sid:900608844; rev:1;) alert tcp $HOME_NET any -> [1.161.100.47] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.100.47/; sid:900608845; rev:1;) alert tcp $HOME_NET any -> [37.210.158.242] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.158.242/; sid:900608846; rev:1;) alert tcp $HOME_NET any -> [197.89.12.59] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.12.59/; sid:900608847; rev:1;) alert tcp $HOME_NET any -> [197.164.163.81] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.164.163.81/; sid:900608848; rev:1;) alert tcp $HOME_NET any -> [179.145.13.69] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.145.13.69/; sid:900608849; rev:1;) alert tcp $HOME_NET any -> [172.105.70.96] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/172.105.70.96/; sid:900608850; rev:1;) alert tcp $HOME_NET any -> [187.16.64.194] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.16.64.194/; sid:900608851; rev:1;) alert tcp $HOME_NET any -> [200.109.56.159] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.109.56.159/; sid:900608852; rev:1;) alert tcp $HOME_NET any -> [63.250.39.66] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.250.39.66/; sid:900608853; rev:1;) alert tcp $HOME_NET any -> [178.62.21.18] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.62.21.18/; sid:900608854; rev:1;) alert tcp $HOME_NET any -> [5.193.138.70] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.193.138.70/; sid:900608855; rev:1;) alert tcp $HOME_NET any -> [148.0.15.41] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.0.15.41/; sid:900608856; rev:1;) alert tcp $HOME_NET any -> [187.149.227.152] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/187.149.227.152/; sid:900608857; rev:1;) alert tcp $HOME_NET any -> [177.157.156.136] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.157.156.136/; sid:900608858; rev:1;) alert tcp $HOME_NET any -> [103.107.113.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.107.113.82/; sid:900608859; rev:1;) alert tcp $HOME_NET any -> [83.110.88.196] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.88.196/; sid:900608860; rev:1;) alert tcp $HOME_NET any -> [103.8.26.17] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.8.26.17/; sid:900608861; rev:1;) alert tcp $HOME_NET any -> [134.122.119.23] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.122.119.23/; sid:900608862; rev:1;) alert tcp $HOME_NET any -> [41.215.158.114] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.215.158.114/; sid:900608863; rev:1;) alert tcp $HOME_NET any -> [217.164.120.210] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/217.164.120.210/; sid:900608864; rev:1;) alert tcp $HOME_NET any -> [78.100.199.234] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.199.234/; sid:900608865; rev:1;) alert tcp $HOME_NET any -> [200.148.9.225] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.148.9.225/; sid:900608866; rev:1;) alert tcp $HOME_NET any -> [37.210.145.41] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.145.41/; sid:900608867; rev:1;) alert tcp $HOME_NET any -> [116.30.7.55] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.30.7.55/; sid:900608868; rev:1;) alert tcp $HOME_NET any -> [83.110.219.20] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.219.20/; sid:900608869; rev:1;) alert tcp $HOME_NET any -> [31.215.70.187] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.70.187/; sid:900608870; rev:1;) alert tcp $HOME_NET any -> [41.215.153.62] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/41.215.153.62/; sid:900608871; rev:1;) alert tcp $HOME_NET any -> [191.250.188.54] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.250.188.54/; sid:900608872; rev:1;) alert tcp $HOME_NET any -> [89.29.244.7] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.29.244.7/; sid:900608873; rev:1;) alert tcp $HOME_NET any -> [173.239.37.178] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.239.37.178/; sid:900608874; rev:1;) alert tcp $HOME_NET any -> [39.41.132.180] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.41.132.180/; sid:900608875; rev:1;) alert tcp $HOME_NET any -> [39.44.46.206] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.46.206/; sid:900608876; rev:1;) alert tcp $HOME_NET any -> [83.110.89.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.89.53/; sid:900608877; rev:1;) alert tcp $HOME_NET any -> [197.161.51.29] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/197.161.51.29/; sid:900608878; rev:1;) alert tcp $HOME_NET any -> [95.12.16.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.12.16.233/; sid:900608879; rev:1;) alert tcp $HOME_NET any -> [39.49.33.65] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.33.65/; sid:900608880; rev:1;) alert tcp $HOME_NET any -> [197.92.130.121] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.92.130.121/; sid:900608881; rev:1;) alert tcp $HOME_NET any -> [31.215.214.100] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.214.100/; sid:900608882; rev:1;) alert tcp $HOME_NET any -> [125.24.203.79] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.24.203.79/; sid:900608883; rev:1;) alert tcp $HOME_NET any -> [41.84.236.153] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.236.153/; sid:900608884; rev:1;) alert tcp $HOME_NET any -> [89.211.209.105] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/89.211.209.105/; sid:900608885; rev:1;) alert tcp $HOME_NET any -> [189.223.134.157] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.223.134.157/; sid:900608886; rev:1;) alert tcp $HOME_NET any -> [118.161.37.101] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.161.37.101/; sid:900608887; rev:1;) alert tcp $HOME_NET any -> [197.89.8.179] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.8.179/; sid:900608888; rev:1;) alert tcp $HOME_NET any -> [83.110.94.23] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.94.23/; sid:900608889; rev:1;) alert tcp $HOME_NET any -> [5.54.49.78] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.54.49.78/; sid:900608890; rev:1;) alert tcp $HOME_NET any -> [45.241.215.15] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.215.15/; sid:900608891; rev:1;) alert tcp $HOME_NET any -> [89.211.185.1] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/89.211.185.1/; sid:900608892; rev:1;) alert tcp $HOME_NET any -> [31.215.69.115] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.69.115/; sid:900608893; rev:1;) alert tcp $HOME_NET any -> [39.49.44.239] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.44.239/; sid:900608894; rev:1;) alert tcp $HOME_NET any -> [113.89.6.31] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.89.6.31/; sid:900608895; rev:1;) alert tcp $HOME_NET any -> [113.53.145.118] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.53.145.118/; sid:900608896; rev:1;) alert tcp $HOME_NET any -> [217.165.109.187] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.109.187/; sid:900608897; rev:1;) alert tcp $HOME_NET any -> [50.2.217.16] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.2.217.16/; sid:900608898; rev:1;) alert tcp $HOME_NET any -> [188.166.217.40] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/188.166.217.40/; sid:900608899; rev:1;) alert tcp $HOME_NET any -> [216.10.251.121] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.10.251.121/; sid:900608900; rev:1;) alert tcp $HOME_NET any -> [79.80.80.29] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.80.80.29/; sid:900608901; rev:1;) alert tcp $HOME_NET any -> [193.124.206.225] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.124.206.225/; sid:900608902; rev:1;) alert tcp $HOME_NET any -> [45.10.24.134] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.10.24.134/; sid:900608903; rev:1;) alert tcp $HOME_NET any -> [51.91.142.26] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.91.142.26/; sid:900608904; rev:1;) alert tcp $HOME_NET any -> [165.227.166.238] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.166.238/; sid:900608905; rev:1;) alert tcp $HOME_NET any -> [167.172.248.70] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/167.172.248.70/; sid:900608906; rev:1;) alert tcp $HOME_NET any -> [92.114.18.20] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.114.18.20/; sid:900608907; rev:1;) alert tcp $HOME_NET any -> [169.45.124.186] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.45.124.186/; sid:900608908; rev:1;) alert tcp $HOME_NET any -> [149.28.156.183] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.156.183/; sid:900608909; rev:1;) alert tcp $HOME_NET any -> [142.93.47.112] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.47.112/; sid:900608910; rev:1;) alert tcp $HOME_NET any -> [39.33.216.128] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.33.216.128/; sid:900608912; rev:1;) alert tcp $HOME_NET any -> [180.129.108.214] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.129.108.214/; sid:900608913; rev:1;) alert tcp $HOME_NET any -> [118.161.37.101] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/118.161.37.101/; sid:900608914; rev:1;) alert tcp $HOME_NET any -> [173.82.82.196] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.82.82.196/; sid:900608915; rev:1;) alert tcp $HOME_NET any -> [159.89.202.34] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.89.202.34/; sid:900608916; rev:1;) alert tcp $HOME_NET any -> [165.22.73.229] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.22.73.229/; sid:900608917; rev:1;) alert tcp $HOME_NET any -> [160.16.143.191] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.16.143.191/; sid:900608918; rev:1;) alert tcp $HOME_NET any -> [39.44.62.55] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.62.55/; sid:900608921; rev:1;) alert tcp $HOME_NET any -> [197.94.85.72] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.94.85.72/; sid:900608922; rev:1;) alert tcp $HOME_NET any -> [197.87.182.35] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/197.87.182.35/; sid:900608923; rev:1;) alert tcp $HOME_NET any -> [37.208.155.29] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.208.155.29/; sid:900608924; rev:1;) alert tcp $HOME_NET any -> [74.14.5.179] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.14.5.179/; sid:900608925; rev:1;) alert tcp $HOME_NET any -> [78.101.84.56] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.84.56/; sid:900608926; rev:1;) alert tcp $HOME_NET any -> [1.161.122.145] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.122.145/; sid:900608927; rev:1;) alert tcp $HOME_NET any -> [78.180.86.123] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.180.86.123/; sid:900608928; rev:1;) alert tcp $HOME_NET any -> [72.27.86.98] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.27.86.98/; sid:900608929; rev:1;) alert tcp $HOME_NET any -> [2.50.137.155] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/2.50.137.155/; sid:900608930; rev:1;)
alert tcp $HOME_NET any -> [86.97.11.30] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.11.30/; sid:900608931; rev:1;)
alert tcp $HOME_NET any -> [187.16.64.193] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.16.64.193/; sid:900608932; rev:1;)
alert tcp $HOME_NET any -> [187.172.219.103] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.172.219.103/; sid:900608933; rev:1;)
# The entries that follow in this part of the list carry the BumbleBee label
# in msg and use destination port 443. Like the entries above, they match on
# destination address and port only (no flow, content or TLS keywords), so an
# alert means a $HOME_NET host sent TCP traffic to that address; it does not
# show that the exchange was C2. Check the listing at the reference URL and
# correlate with host telemetry before acting on a hit.
# threshold (type limit, track by_src, seconds 60, count 1) caps each rule at
# one alert per source address per 60 seconds, so repeated connections from
# the same host inside that window are not reported again.
# The file header carries one "Last updated" stamp for the whole list and no
# per-entry date; treat each address as a point-in-time indicator.
alert tcp $HOME_NET any -> [104.168.204.123] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.204.123/; sid:900608934; rev:1;)
alert tcp $HOME_NET any -> [49.12.241.35] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.12.241.35/; sid:900608935; rev:1;)
alert tcp $HOME_NET any -> [79.110.52.53] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.110.52.53/; sid:900608936; rev:1;)
alert tcp $HOME_NET any -> [194.135.33.137] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/194.135.33.137/; sid:900608937; rev:1;) alert tcp $HOME_NET any -> [194.135.33.144] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.135.33.144/; sid:900608938; rev:1;) alert tcp $HOME_NET any -> [192.236.160.254] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.160.254/; sid:900608939; rev:1;) alert tcp $HOME_NET any -> [192.236.198.116] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.198.116/; sid:900608940; rev:1;) alert tcp $HOME_NET any -> [192.236.192.85] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.192.85/; sid:900608941; rev:1;) alert tcp $HOME_NET any -> [45.67.231.151] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.67.231.151/; sid:900608942; rev:1;) alert tcp $HOME_NET any -> [45.147.229.23] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.147.229.23/; sid:900608943; rev:1;) alert tcp $HOME_NET any -> [176.107.177.124] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; 
reference:url, feodotracker.abuse.ch/browse/host/176.107.177.124/; sid:900608944; rev:1;) alert tcp $HOME_NET any -> [154.56.0.223] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.223/; sid:900608945; rev:1;) alert tcp $HOME_NET any -> [161.97.91.52] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.97.91.52/; sid:900608946; rev:1;) alert tcp $HOME_NET any -> [23.81.246.187] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.81.246.187/; sid:900608947; rev:1;) alert tcp $HOME_NET any -> [209.141.37.189] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.37.189/; sid:900608948; rev:1;) alert tcp $HOME_NET any -> [68.233.238.126] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.233.238.126/; sid:900608949; rev:1;) alert tcp $HOME_NET any -> [206.54.190.138] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.54.190.138/; sid:900608950; rev:1;) alert tcp $HOME_NET any -> [206.54.190.170] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; 
reference:url, feodotracker.abuse.ch/browse/host/206.54.190.170/; sid:900608951; rev:1;) alert tcp $HOME_NET any -> [142.11.196.98] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.196.98/; sid:900608952; rev:1;) alert tcp $HOME_NET any -> [23.83.133.13] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.83.133.13/; sid:900608953; rev:1;) alert tcp $HOME_NET any -> [64.44.141.177] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.141.177/; sid:900608954; rev:1;) alert tcp $HOME_NET any -> [104.168.218.225] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.218.225/; sid:900608955; rev:1;) alert tcp $HOME_NET any -> [142.234.157.93] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.234.157.93/; sid:900608956; rev:1;) alert tcp $HOME_NET any -> [103.175.16.51] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.51/; sid:900608957; rev:1;) alert tcp $HOME_NET any -> [193.233.202.237] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; 
reference:url, feodotracker.abuse.ch/browse/host/193.233.202.237/; sid:900608958; rev:1;) alert tcp $HOME_NET any -> [103.175.16.38] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.38/; sid:900608959; rev:1;) alert tcp $HOME_NET any -> [89.44.9.135] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.44.9.135/; sid:900608960; rev:1;) alert tcp $HOME_NET any -> [23.227.198.217] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.227.198.217/; sid:900608961; rev:1;) alert tcp $HOME_NET any -> [64.44.135.136] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.135.136/; sid:900608962; rev:1;) alert tcp $HOME_NET any -> [192.236.208.15] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.208.15/; sid:900608963; rev:1;) alert tcp $HOME_NET any -> [45.153.243.93] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.243.93/; sid:900608964; rev:1;) alert tcp $HOME_NET any -> [213.232.235.199] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; 
reference:url, feodotracker.abuse.ch/browse/host/213.232.235.199/; sid:900608965; rev:1;) alert tcp $HOME_NET any -> [173.212.228.43] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.212.228.43/; sid:900608966; rev:1;) alert tcp $HOME_NET any -> [23.82.128.149] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.82.128.149/; sid:900608967; rev:1;) alert tcp $HOME_NET any -> [108.62.12.203] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.62.12.203/; sid:900608968; rev:1;) alert tcp $HOME_NET any -> [23.106.223.130] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.106.223.130/; sid:900608969; rev:1;) alert tcp $HOME_NET any -> [45.153.243.82] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.243.82/; sid:900608970; rev:1;) alert tcp $HOME_NET any -> [64.44.141.173] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.141.173/; sid:900608971; rev:1;) alert tcp $HOME_NET any -> [23.19.58.251] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; 
reference:url, feodotracker.abuse.ch/browse/host/23.19.58.251/; sid:900608972; rev:1;) alert tcp $HOME_NET any -> [23.106.160.33] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.106.160.33/; sid:900608973; rev:1;) alert tcp $HOME_NET any -> [45.66.151.151] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.66.151.151/; sid:900608974; rev:1;) alert tcp $HOME_NET any -> [45.66.151.150] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.66.151.150/; sid:900608975; rev:1;) alert tcp $HOME_NET any -> [91.90.121.20] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.90.121.20/; sid:900608976; rev:1;) alert tcp $HOME_NET any -> [91.90.121.121] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.90.121.121/; sid:900608977; rev:1;) alert tcp $HOME_NET any -> [23.227.203.120] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.227.203.120/; sid:900608978; rev:1;) alert tcp $HOME_NET any -> [146.70.106.92] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; 
reference:url, feodotracker.abuse.ch/browse/host/146.70.106.92/; sid:900608979; rev:1;) alert tcp $HOME_NET any -> [51.83.253.244] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.253.244/; sid:900608980; rev:1;) alert tcp $HOME_NET any -> [154.56.0.218] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.218/; sid:900608981; rev:1;) alert tcp $HOME_NET any -> [146.19.173.152] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.152/; sid:900608982; rev:1;) alert tcp $HOME_NET any -> [23.254.224.200] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.254.224.200/; sid:900608983; rev:1;) alert tcp $HOME_NET any -> [23.88.117.246] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.88.117.246/; sid:900608984; rev:1;) alert tcp $HOME_NET any -> [199.195.252.30] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.195.252.30/; sid:900608985; rev:1;) alert tcp $HOME_NET any -> [45.67.231.123] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; 
reference:url, feodotracker.abuse.ch/browse/host/45.67.231.123/; sid:900608986; rev:1;) alert tcp $HOME_NET any -> [194.33.40.181] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.33.40.181/; sid:900608987; rev:1;) alert tcp $HOME_NET any -> [142.11.222.79] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.222.79/; sid:900608988; rev:1;) alert tcp $HOME_NET any -> [45.66.151.59] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.66.151.59/; sid:900608989; rev:1;) alert tcp $HOME_NET any -> [91.213.8.18] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.213.8.18/; sid:900608990; rev:1;) alert tcp $HOME_NET any -> [89.44.9.167] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.44.9.167/; sid:900608991; rev:1;) alert tcp $HOME_NET any -> [185.62.58.125] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.58.125/; sid:900608992; rev:1;) alert tcp $HOME_NET any -> [192.236.162.127] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/192.236.162.127/; sid:900608993; rev:1;) alert tcp $HOME_NET any -> [176.107.187.37] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.107.187.37/; sid:900608994; rev:1;) alert tcp $HOME_NET any -> [54.38.137.18] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.137.18/; sid:900608995; rev:1;) alert tcp $HOME_NET any -> [146.19.173.220] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.220/; sid:900608996; rev:1;) alert tcp $HOME_NET any -> [23.254.217.20] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.254.217.20/; sid:900608997; rev:1;) alert tcp $HOME_NET any -> [185.62.58.238] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.58.238/; sid:900608998; rev:1;) alert tcp $HOME_NET any -> [145.239.30.26] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.30.26/; sid:900608999; rev:1;) alert tcp $HOME_NET any -> [54.38.138.141] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/54.38.138.141/; sid:900609000; rev:1;) alert tcp $HOME_NET any -> [167.235.245.35] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.235.245.35/; sid:900609001; rev:1;) alert tcp $HOME_NET any -> [185.62.56.201] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.56.201/; sid:900609002; rev:1;) alert tcp $HOME_NET any -> [146.70.106.47] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.106.47/; sid:900609003; rev:1;) alert tcp $HOME_NET any -> [185.62.57.162] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.57.162/; sid:900609004; rev:1;) alert tcp $HOME_NET any -> [154.56.0.201] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.201/; sid:900609005; rev:1;) alert tcp $HOME_NET any -> [154.56.0.199] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.199/; sid:900609006; rev:1;) alert tcp $HOME_NET any -> [92.204.160.92] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/92.204.160.92/; sid:900609007; rev:1;) alert tcp $HOME_NET any -> [154.56.0.221] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.221/; sid:900609008; rev:1;) alert tcp $HOME_NET any -> [198.98.59.195] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.59.195/; sid:900609009; rev:1;) alert tcp $HOME_NET any -> [165.232.89.118] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.232.89.118/; sid:900609010; rev:1;) alert tcp $HOME_NET any -> [54.38.139.20] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.139.20/; sid:900609011; rev:1;) alert tcp $HOME_NET any -> [146.19.173.195] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.195/; sid:900609012; rev:1;) alert tcp $HOME_NET any -> [198.98.62.156] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.62.156/; sid:900609013; rev:1;) alert tcp $HOME_NET any -> [23.254.227.144] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/23.254.227.144/; sid:900609014; rev:1;) alert tcp $HOME_NET any -> [23.227.202.179] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.227.202.179/; sid:900609015; rev:1;) alert tcp $HOME_NET any -> [194.37.97.135] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.37.97.135/; sid:900609016; rev:1;) alert tcp $HOME_NET any -> [193.239.84.247] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.239.84.247/; sid:900609017; rev:1;) alert tcp $HOME_NET any -> [145.239.29.119] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.29.119/; sid:900609018; rev:1;) alert tcp $HOME_NET any -> [198.98.57.91] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.57.91/; sid:900609019; rev:1;) alert tcp $HOME_NET any -> [192.236.194.136] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.194.136/; sid:900609020; rev:1;) alert tcp $HOME_NET any -> [154.56.0.219] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/154.56.0.219/; sid:900609021; rev:1;) alert tcp $HOME_NET any -> [192.236.161.191] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.161.191/; sid:900609022; rev:1;) alert tcp $HOME_NET any -> [104.168.156.224] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.156.224/; sid:900609023; rev:1;) alert tcp $HOME_NET any -> [64.44.101.250] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.101.250/; sid:900609024; rev:1;) alert tcp $HOME_NET any -> [149.255.35.183] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.255.35.183/; sid:900609025; rev:1;) alert tcp $HOME_NET any -> [46.21.153.246] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.21.153.246/; sid:900609026; rev:1;) alert tcp $HOME_NET any -> [103.175.16.52] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.52/; sid:900609027; rev:1;) alert tcp $HOME_NET any -> [103.175.16.47] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/103.175.16.47/; sid:900609028; rev:1;) alert tcp $HOME_NET any -> [103.175.16.117] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.117/; sid:900609029; rev:1;) alert tcp $HOME_NET any -> [23.227.198.241] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.227.198.241/; sid:900609030; rev:1;) alert tcp $HOME_NET any -> [103.175.16.54] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.54/; sid:900609031; rev:1;) alert tcp $HOME_NET any -> [63.141.248.253] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.141.248.253/; sid:900609032; rev:1;) alert tcp $HOME_NET any -> [64.44.102.150] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.102.150/; sid:900609033; rev:1;) alert tcp $HOME_NET any -> [103.175.16.49] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.49/; sid:900609034; rev:1;) alert tcp $HOME_NET any -> [103.175.16.59] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/103.175.16.59/; sid:900609035; rev:1;)
# QakBot entries for 72.252.157.93: one rule per destination port (995, 990,
# 993), each with its own sid. The match is on destination IP and port only;
# with no flow or content keyword, a packet from $HOME_NET to that endpoint can
# match before any handshake completes.
# 995, 990 and 993 are the registered ports for POP3S, FTPS (implicit) and
# IMAPS. An alert shows contact with a listed endpoint, not that QakBot's
# protocol was observed; confirm with host telemetry before escalating.
# "threshold: type limit, track by_src, seconds 60, count 1" caps each rule at
# one alert per source per 60 s. The cap applies per sid, so one host touching
# all three ports can still raise three alerts in the same window.
alert tcp $HOME_NET any -> [72.252.157.93] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.157.93/; sid:900609036; rev:1;)
alert tcp $HOME_NET any -> [72.252.157.93] 990 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.157.93/; sid:900609037; rev:1;)
alert tcp $HOME_NET any -> [72.252.157.93] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.157.93/; sid:900609038; rev:1;)
alert tcp $HOME_NET any -> [185.62.56.224] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.56.224/; sid:900609039; rev:1;)
alert tcp $HOME_NET any -> [146.70.106.83] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.106.83/; sid:900609040; rev:1;)
alert tcp $HOME_NET any -> [103.175.16.106] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.106/; sid:900609041; rev:1;)
alert tcp $HOME_NET any -> [185.156.172.123] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/185.156.172.123/; sid:900609042; rev:1;) alert tcp $HOME_NET any -> [64.231.104.242] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.231.104.242/; sid:900609043; rev:1;) alert tcp $HOME_NET any -> [54.38.136.187] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.136.187/; sid:900609044; rev:1;) alert tcp $HOME_NET any -> [37.210.169.150] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.169.150/; sid:900609045; rev:1;) alert tcp $HOME_NET any -> [217.165.109.72] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.109.72/; sid:900609046; rev:1;) alert tcp $HOME_NET any -> [217.165.176.49] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.176.49/; sid:900609047; rev:1;) alert tcp $HOME_NET any -> [39.44.206.162] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.206.162/; sid:900609048; rev:1;) alert tcp $HOME_NET any -> [78.176.207.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/78.176.207.168/; sid:900609049; rev:1;) alert tcp $HOME_NET any -> [31.215.69.176] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.69.176/; sid:900609050; rev:1;) alert tcp $HOME_NET any -> [94.36.191.129] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.36.191.129/; sid:900609051; rev:1;) alert tcp $HOME_NET any -> [191.34.192.119] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.34.192.119/; sid:900609052; rev:1;) alert tcp $HOME_NET any -> [188.161.200.40] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.161.200.40/; sid:900609053; rev:1;) alert tcp $HOME_NET any -> [187.208.122.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.208.122.226/; sid:900609054; rev:1;) alert tcp $HOME_NET any -> [23.254.227.53] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.254.227.53/; sid:900609055; rev:1;) alert tcp $HOME_NET any -> [146.19.173.202] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/146.19.173.202/; sid:900609056; rev:1;) alert tcp $HOME_NET any -> [64.44.102.6] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.102.6/; sid:900609057; rev:1;) alert tcp $HOME_NET any -> [192.119.64.21] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.64.21/; sid:900609058; rev:1;) alert tcp $HOME_NET any -> [79.110.52.56] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.110.52.56/; sid:900609059; rev:1;) alert tcp $HOME_NET any -> [1.161.104.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.104.31/; sid:900609060; rev:1;) alert tcp $HOME_NET any -> [160.20.147.191] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.20.147.191/; sid:900609061; rev:1;) alert tcp $HOME_NET any -> [146.70.86.254] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.86.254/; sid:900609062; rev:1;) alert tcp $HOME_NET any -> [185.62.56.186] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/185.62.56.186/; sid:900609063; rev:1;)
alert tcp $HOME_NET any -> [51.75.62.15] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.62.15/; sid:900609064; rev:1;)
alert tcp $HOME_NET any -> [146.19.173.227] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.227/; sid:900609065; rev:1;)
# QakBot entries below are pinned to one IP:port pair per rule (32101, 1194,
# 2222, 443); 217.164.118.38 appears twice, once per port, under separate sids.
# Because the port is part of the match, traffic from $HOME_NET to the same
# address on any other port does not fire these rules. When triaging a hit,
# pivot on the destination IP across all ports in flow/NetFlow logs rather
# than relying on the ruleset alone.
# 1194 is the registered OpenVPN port, so sid 900609067 can also match VPN
# client traffic to that address; check the process that owns the connection.
alert tcp $HOME_NET any -> [177.139.44.173] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.139.44.173/; sid:900609066; rev:1;)
alert tcp $HOME_NET any -> [217.164.118.38] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.118.38/; sid:900609067; rev:1;)
alert tcp $HOME_NET any -> [217.164.118.38] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.118.38/; sid:900609068; rev:1;)
alert tcp $HOME_NET any -> [177.133.210.218] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.133.210.218/; sid:900609069; rev:1;)
alert tcp $HOME_NET any -> [70.51.135.90] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/70.51.135.90/; sid:900609070; rev:1;) alert tcp $HOME_NET any -> [68.233.238.105] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.233.238.105/; sid:900609071; rev:1;) alert tcp $HOME_NET any -> [64.44.135.250] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.135.250/; sid:900609072; rev:1;) alert tcp $HOME_NET any -> [103.175.16.121] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.121/; sid:900609073; rev:1;) alert tcp $HOME_NET any -> [5.54.53.124] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.54.53.124/; sid:900609074; rev:1;) alert tcp $HOME_NET any -> [79.110.52.71] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.110.52.71/; sid:900609075; rev:1;) alert tcp $HOME_NET any -> [23.254.229.131] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.254.229.131/; sid:900609076; rev:1;) alert tcp $HOME_NET any -> [51.75.62.99] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/51.75.62.99/; sid:900609077; rev:1;) alert tcp $HOME_NET any -> [146.19.173.224] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.224/; sid:900609078; rev:1;) alert tcp $HOME_NET any -> [37.72.174.23] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.72.174.23/; sid:900609079; rev:1;) alert tcp $HOME_NET any -> [104.168.245.11] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.245.11/; sid:900609080; rev:1;) alert tcp $HOME_NET any -> [46.21.153.157] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.21.153.157/; sid:900609081; rev:1;) alert tcp $HOME_NET any -> [103.175.16.107] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.107/; sid:900609082; rev:1;) alert tcp $HOME_NET any -> [146.19.253.15] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.253.15/; sid:900609083; rev:1;) alert tcp $HOME_NET any -> [79.110.52.236] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/79.110.52.236/; sid:900609084; rev:1;) alert tcp $HOME_NET any -> [1.161.104.31] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.104.31/; sid:900609085; rev:1;) alert tcp $HOME_NET any -> [64.44.135.230] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.135.230/; sid:900609086; rev:1;) alert tcp $HOME_NET any -> [209.141.52.25] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.52.25/; sid:900609087; rev:1;) alert tcp $HOME_NET any -> [103.175.16.108] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.108/; sid:900609088; rev:1;) alert tcp $HOME_NET any -> [185.156.172.8] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.156.172.8/; sid:900609089; rev:1;) alert tcp $HOME_NET any -> [154.56.0.228] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.228/; sid:900609090; rev:1;) alert tcp $HOME_NET any -> [108.174.195.253] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/108.174.195.253/; sid:900609091; rev:1;) alert tcp $HOME_NET any -> [185.62.56.12] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.56.12/; sid:900609092; rev:1;) alert tcp $HOME_NET any -> [51.68.146.200] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.146.200/; sid:900609093; rev:1;) alert tcp $HOME_NET any -> [146.70.78.21] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.78.21/; sid:900609094; rev:1;) alert tcp $HOME_NET any -> [168.119.40.176] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.119.40.176/; sid:900609095; rev:1;) alert tcp $HOME_NET any -> [51.83.254.164] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.254.164/; sid:900609096; rev:1;) alert tcp $HOME_NET any -> [2.50.137.23] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.137.23/; sid:900609097; rev:1;) alert tcp $HOME_NET any -> [89.211.179.247] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/89.211.179.247/; sid:900609098; rev:1;) alert tcp $HOME_NET any -> [121.7.223.45] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.7.223.45/; sid:900609099; rev:1;) alert tcp $HOME_NET any -> [148.0.61.36] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.0.61.36/; sid:900609100; rev:1;) alert tcp $HOME_NET any -> [39.52.80.230] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.52.80.230/; sid:900609101; rev:1;) alert tcp $HOME_NET any -> [124.40.244.115] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.40.244.115/; sid:900609102; rev:1;) alert tcp $HOME_NET any -> [39.44.106.187] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.106.187/; sid:900609103; rev:1;) alert tcp $HOME_NET any -> [39.49.111.194] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.111.194/; sid:900609104; rev:1;) alert tcp $HOME_NET any -> [45.241.169.86] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/45.241.169.86/; sid:900609105; rev:1;) alert tcp $HOME_NET any -> [31.48.174.63] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.48.174.63/; sid:900609106; rev:1;) alert tcp $HOME_NET any -> [1.161.123.180] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.123.180/; sid:900609107; rev:1;) alert tcp $HOME_NET any -> [1.161.123.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.123.180/; sid:900609108; rev:1;) alert tcp $HOME_NET any -> [217.165.97.52] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.97.52/; sid:900609109; rev:1;) alert tcp $HOME_NET any -> [177.205.155.85] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.205.155.85/; sid:900609110; rev:1;) alert tcp $HOME_NET any -> [191.112.1.69] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.112.1.69/; sid:900609111; rev:1;) alert tcp $HOME_NET any -> [86.97.9.190] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/86.97.9.190/; sid:900609112; rev:1;) alert tcp $HOME_NET any -> [187.208.127.127] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.208.127.127/; sid:900609113; rev:1;) alert tcp $HOME_NET any -> [212.114.52.46] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.114.52.46/; sid:900609115; rev:1;) alert tcp $HOME_NET any -> [146.19.253.49] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.253.49/; sid:900609116; rev:1;) alert tcp $HOME_NET any -> [154.56.0.231] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.231/; sid:900609117; rev:1;) alert tcp $HOME_NET any -> [197.92.129.0] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.92.129.0/; sid:900609118; rev:1;) alert tcp $HOME_NET any -> [146.70.53.183] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.53.183/; sid:900609119; rev:1;) alert tcp $HOME_NET any -> [104.168.164.153] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/104.168.164.153/; sid:900609120; rev:1;) alert tcp $HOME_NET any -> [193.27.14.242] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.27.14.242/; sid:900609121; rev:1;) alert tcp $HOME_NET any -> [197.83.230.112] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.83.230.112/; sid:900609122; rev:1;) alert tcp $HOME_NET any -> [46.21.153.145] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.21.153.145/; sid:900609123; rev:1;) alert tcp $HOME_NET any -> [149.255.35.134] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.255.35.134/; sid:900609124; rev:1;) alert tcp $HOME_NET any -> [45.147.229.50] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.147.229.50/; sid:900609125; rev:1;) alert tcp $HOME_NET any -> [146.19.173.109] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.109/; sid:900609126; rev:1;) alert tcp $HOME_NET any -> [146.19.253.6] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/146.19.253.6/; sid:900609127; rev:1;) alert tcp $HOME_NET any -> [104.168.174.210] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.174.210/; sid:900609128; rev:1;) alert tcp $HOME_NET any -> [86.98.151.244] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.151.244/; sid:900609129; rev:1;) alert tcp $HOME_NET any -> [72.27.33.160] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.27.33.160/; sid:900609130; rev:1;) alert tcp $HOME_NET any -> [201.145.165.25] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.145.165.25/; sid:900609131; rev:1;) alert tcp $HOME_NET any -> [39.44.120.20] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.120.20/; sid:900609132; rev:1;) alert tcp $HOME_NET any -> [197.167.61.123] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.167.61.123/; sid:900609133; rev:1;) alert tcp $HOME_NET any -> [104.244.79.94] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/104.244.79.94/; sid:900609134; rev:1;) alert tcp $HOME_NET any -> [157.245.111.0] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.245.111.0/; sid:900609135; rev:1;) alert tcp $HOME_NET any -> [103.224.241.74] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.224.241.74/; sid:900609136; rev:1;) alert tcp $HOME_NET any -> [51.83.251.245] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.251.245/; sid:900609137; rev:1;) alert tcp $HOME_NET any -> [185.62.56.21] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.56.21/; sid:900609138; rev:1;) alert tcp $HOME_NET any -> [154.56.0.236] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.236/; sid:900609139; rev:1;) alert tcp $HOME_NET any -> [177.94.57.126] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.94.57.126/; sid:900609140; rev:1;) alert tcp $HOME_NET any -> [37.120.198.248] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/37.120.198.248/; sid:900609141; rev:1;) alert tcp $HOME_NET any -> [192.236.249.68] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.249.68/; sid:900609142; rev:1;) alert tcp $HOME_NET any -> [146.19.173.139] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.139/; sid:900609143; rev:1;) alert tcp $HOME_NET any -> [217.165.84.153] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.84.153/; sid:900609144; rev:1;) alert tcp $HOME_NET any -> [197.89.128.212] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.128.212/; sid:900609145; rev:1;) alert tcp $HOME_NET any -> [45.147.229.223] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.147.229.223/; sid:900609146; rev:1;) alert tcp $HOME_NET any -> [185.62.58.126] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.58.126/; sid:900609147; rev:1;) alert tcp $HOME_NET any -> [154.56.0.238] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/154.56.0.238/; sid:900609148; rev:1;) alert tcp $HOME_NET any -> [207.180.241.186] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.180.241.186/; sid:900609149; rev:1;) alert tcp $HOME_NET any -> [41.73.252.195] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.73.252.195/; sid:900609150; rev:1;) alert tcp $HOME_NET any -> [193.239.84.254] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.239.84.254/; sid:900609151; rev:1;) alert tcp $HOME_NET any -> [45.147.229.101] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.147.229.101/; sid:900609152; rev:1;) alert tcp $HOME_NET any -> [51.68.147.233] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.147.233/; sid:900609153; rev:1;) alert tcp $HOME_NET any -> [185.62.56.128] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.56.128/; sid:900609154; rev:1;) alert tcp $HOME_NET any -> [51.83.250.240] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/51.83.250.240/; sid:900609155; rev:1;) alert tcp $HOME_NET any -> [103.144.139.18] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.139.18/; sid:900609156; rev:1;) alert tcp $HOME_NET any -> [179.100.20.32] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.100.20.32/; sid:900609157; rev:1;) alert tcp $HOME_NET any -> [185.62.57.19] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.57.19/; sid:900609158; rev:1;) alert tcp $HOME_NET any -> [162.243.103.246] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.243.103.246/; sid:900609159; rev:1;) alert tcp $HOME_NET any -> [104.237.145.172] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.237.145.172/; sid:900609160; rev:1;) alert tcp $HOME_NET any -> [45.55.134.126] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.134.126/; sid:900609161; rev:1;) alert tcp $HOME_NET any -> [198.211.118.165] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/198.211.118.165/; sid:900609162; rev:1;) alert tcp $HOME_NET any -> [161.35.96.229] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.35.96.229/; sid:900609163; rev:1;) alert tcp $HOME_NET any -> [207.154.208.93] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.154.208.93/; sid:900609164; rev:1;) alert tcp $HOME_NET any -> [134.209.164.181] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.164.181/; sid:900609165; rev:1;) alert tcp $HOME_NET any -> [203.217.140.239] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.217.140.239/; sid:900609166; rev:1;) alert tcp $HOME_NET any -> [58.96.74.42] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.96.74.42/; sid:900609167; rev:1;) alert tcp $HOME_NET any -> [218.38.121.17] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.38.121.17/; sid:900609168; rev:1;) alert tcp $HOME_NET any -> [45.153.240.139] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/45.153.240.139/; sid:900609169; rev:1;) alert tcp $HOME_NET any -> [51.68.144.94] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.144.94/; sid:900609170; rev:1;) alert tcp $HOME_NET any -> [79.110.52.104] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.110.52.104/; sid:900609171; rev:1;) alert tcp $HOME_NET any -> [146.19.173.116] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.116/; sid:900609172; rev:1;) alert tcp $HOME_NET any -> [146.70.95.244] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.95.244/; sid:900609173; rev:1;) alert tcp $HOME_NET any -> [154.56.0.240] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.240/; sid:900609174; rev:1;) alert tcp $HOME_NET any -> [185.62.58.169] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.58.169/; sid:900609175; rev:1;) alert tcp $HOME_NET any -> [198.27.67.35] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/198.27.67.35/; sid:900609176; rev:1;) alert tcp $HOME_NET any -> [165.227.153.100] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.153.100/; sid:900609177; rev:1;) alert tcp $HOME_NET any -> [190.107.19.180] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.107.19.180/; sid:900609178; rev:1;) alert tcp $HOME_NET any -> [194.163.154.164] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.163.154.164/; sid:900609179; rev:1;) alert tcp $HOME_NET any -> [34.85.105.209] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/34.85.105.209/; sid:900609180; rev:1;) alert tcp $HOME_NET any -> [212.7.211.113] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.7.211.113/; sid:900609181; rev:1;) alert tcp $HOME_NET any -> [31.22.4.160] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.22.4.160/; sid:900609182; rev:1;) alert tcp $HOME_NET any -> [45.186.16.18] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/45.186.16.18/; sid:900609183; rev:1;) alert tcp $HOME_NET any -> [45.153.240.155] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.240.155/; sid:900609184; rev:1;) alert tcp $HOME_NET any -> [54.37.130.166] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.130.166/; sid:900609185; rev:1;) alert tcp $HOME_NET any -> [142.11.196.174] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.196.174/; sid:900609186; rev:1;) alert tcp $HOME_NET any -> [173.249.25.219] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.249.25.219/; sid:900609187; rev:1;) alert tcp $HOME_NET any -> [212.83.184.188] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.83.184.188/; sid:900609188; rev:1;) alert tcp $HOME_NET any -> [82.223.82.69] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.223.82.69/; sid:900609189; rev:1;) alert tcp $HOME_NET any -> [128.199.225.17] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/128.199.225.17/; sid:900609190; rev:1;) alert tcp $HOME_NET any -> [178.128.27.77] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.27.77/; sid:900609191; rev:1;) alert tcp $HOME_NET any -> [178.128.23.9] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.23.9/; sid:900609192; rev:1;) alert tcp $HOME_NET any -> [103.159.224.46] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.159.224.46/; sid:900609193; rev:1;) alert tcp $HOME_NET any -> [154.56.0.214] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.214/; sid:900609194; rev:1;) alert tcp $HOME_NET any -> [88.224.254.172] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.224.254.172/; sid:900609195; rev:1;) alert tcp $HOME_NET any -> [197.89.8.51] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.8.51/; sid:900609196; rev:1;) alert tcp $HOME_NET any -> [201.142.177.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/201.142.177.168/; sid:900609197; rev:1;) alert tcp $HOME_NET any -> [148.0.56.63] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.0.56.63/; sid:900609198; rev:1;) alert tcp $HOME_NET any -> [217.164.121.161] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.121.161/; sid:900609199; rev:1;) alert tcp $HOME_NET any -> [23.254.201.97] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.254.201.97/; sid:900609200; rev:1;) alert tcp $HOME_NET any -> [194.135.33.149] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.135.33.149/; sid:900609201; rev:1;) alert tcp $HOME_NET any -> [154.56.0.241] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.241/; sid:900609202; rev:1;) alert tcp $HOME_NET any -> [39.49.96.122] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.96.122/; sid:900609203; rev:1;) alert tcp $HOME_NET any -> [104.236.40.81] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/104.236.40.81/; sid:900609204; rev:1;) alert tcp $HOME_NET any -> [138.197.68.35] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.68.35/; sid:900609205; rev:1;) alert tcp $HOME_NET any -> [146.70.104.250] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.104.250/; sid:900609206; rev:1;) alert tcp $HOME_NET any -> [185.62.58.133] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.58.133/; sid:900609207; rev:1;) alert tcp $HOME_NET any -> [154.56.0.242] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.242/; sid:900609208; rev:1;) alert tcp $HOME_NET any -> [39.44.213.68] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.213.68/; sid:900609209; rev:1;) alert tcp $HOME_NET any -> [197.164.182.46] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.164.182.46/; sid:900609211; rev:1;) alert tcp $HOME_NET any -> [94.36.193.176] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/94.36.193.176/; sid:900609212; rev:1;) alert tcp $HOME_NET any -> [54.37.131.107] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.131.107/; sid:900609213; rev:1;) alert tcp $HOME_NET any -> [54.37.130.77] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.130.77/; sid:900609214; rev:1;) alert tcp $HOME_NET any -> [185.62.58.222] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.58.222/; sid:900609215; rev:1;) alert tcp $HOME_NET any -> [88.232.220.207] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.232.220.207/; sid:900609216; rev:1;) alert tcp $HOME_NET any -> [41.84.236.245] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.236.245/; sid:900609217; rev:1;) alert tcp $HOME_NET any -> [39.49.101.104] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.101.104/; sid:900609218; rev:1;) alert tcp $HOME_NET any -> [189.78.107.163] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/189.78.107.163/; sid:900609219; rev:1;) alert tcp $HOME_NET any -> [37.210.170.123] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.170.123/; sid:900609220; rev:1;) alert tcp $HOME_NET any -> [191.34.120.8] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.34.120.8/; sid:900609221; rev:1;) alert tcp $HOME_NET any -> [37.208.135.172] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.208.135.172/; sid:900609222; rev:1;) alert tcp $HOME_NET any -> [31.215.185.26] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.185.26/; sid:900609223; rev:1;) alert tcp $HOME_NET any -> [191.112.12.128] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.112.12.128/; sid:900609224; rev:1;) alert tcp $HOME_NET any -> [51.161.73.194] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.161.73.194/; sid:900609226; rev:1;) alert tcp $HOME_NET any -> [157.245.196.132] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/157.245.196.132/; sid:900609227; rev:1;) alert tcp $HOME_NET any -> [201.103.141.2] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.103.141.2/; sid:900609228; rev:1;) alert tcp $HOME_NET any -> [198.199.70.22] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.70.22/; sid:900609229; rev:1;) alert tcp $HOME_NET any -> [165.22.254.68] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.22.254.68/; sid:900609230; rev:1;) alert tcp $HOME_NET any -> [217.165.109.10] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.109.10/; sid:900609232; rev:1;) alert tcp $HOME_NET any -> [213.232.235.227] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.232.235.227/; sid:900609233; rev:1;) alert tcp $HOME_NET any -> [83.110.92.106] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.92.106/; sid:900609234; rev:1;) alert tcp $HOME_NET any -> [1.161.123.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/1.161.123.53/; sid:900609235; rev:1;) alert tcp $HOME_NET any -> [45.153.240.56] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.240.56/; sid:900609236; rev:1;) alert tcp $HOME_NET any -> [45.150.67.154] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.150.67.154/; sid:900609237; rev:1;) alert tcp $HOME_NET any -> [154.56.0.215] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.215/; sid:900609238; rev:1;) alert tcp $HOME_NET any -> [185.62.57.20] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.57.20/; sid:900609239; rev:1;) alert tcp $HOME_NET any -> [146.70.104.229] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.104.229/; sid:900609240; rev:1;) alert tcp $HOME_NET any -> [39.44.235.10] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.235.10/; sid:900609241; rev:1;) alert tcp $HOME_NET any -> [194.135.33.16] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/194.135.33.16/; sid:900609242; rev:1;) alert tcp $HOME_NET any -> [45.138.172.22] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.138.172.22/; sid:900609243; rev:1;) alert tcp $HOME_NET any -> [141.98.168.70] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.98.168.70/; sid:900609244; rev:1;) alert tcp $HOME_NET any -> [1.161.123.53] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.123.53/; sid:900609245; rev:1;) alert tcp $HOME_NET any -> [195.133.192.105] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.192.105/; sid:900609246; rev:1;) alert tcp $HOME_NET any -> [142.11.206.199] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.206.199/; sid:900609247; rev:1;) alert tcp $HOME_NET any -> [78.101.91.101] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.91.101/; sid:900609248; rev:1;) alert tcp $HOME_NET any -> [78.177.60.224] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/78.177.60.224/; sid:900609249; rev:1;) alert tcp $HOME_NET any -> [39.44.215.70] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.215.70/; sid:900609250; rev:1;) alert tcp $HOME_NET any -> [197.87.182.115] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.87.182.115/; sid:900609251; rev:1;) alert tcp $HOME_NET any -> [197.94.94.206] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.94.94.206/; sid:900609252; rev:1;) alert tcp $HOME_NET any -> [45.142.214.167] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.142.214.167/; sid:900609253; rev:1;) alert tcp $HOME_NET any -> [86.132.14.70] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.132.14.70/; sid:900609254; rev:1;) alert tcp $HOME_NET any -> [41.84.246.251] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.246.251/; sid:900609255; rev:1;) alert tcp $HOME_NET any -> [191.112.4.17] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/191.112.4.17/; sid:900609256; rev:1;) alert tcp $HOME_NET any -> [189.223.102.22] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.223.102.22/; sid:900609257; rev:1;) alert tcp $HOME_NET any -> [217.165.84.253] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.84.253/; sid:900609258; rev:1;) alert tcp $HOME_NET any -> [187.149.236.5] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.149.236.5/; sid:900609259; rev:1;) alert tcp $HOME_NET any -> [45.147.231.202] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.147.231.202/; sid:900609260; rev:1;) alert tcp $HOME_NET any -> [185.62.57.27] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.57.27/; sid:900609261; rev:1;) alert tcp $HOME_NET any -> [51.68.145.54] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.145.54/; sid:900609262; rev:1;) alert tcp $HOME_NET any -> [193.233.203.243] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/193.233.203.243/; sid:900609263; rev:1;) alert tcp $HOME_NET any -> [173.249.2.236] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.249.2.236/; sid:900609264; rev:1;) alert tcp $HOME_NET any -> [151.80.62.92] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.80.62.92/; sid:900609265; rev:1;) alert tcp $HOME_NET any -> [45.93.136.110] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.93.136.110/; sid:900609266; rev:1;) alert tcp $HOME_NET any -> [148.0.55.173] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.0.55.173/; sid:900609267; rev:1;) alert tcp $HOME_NET any -> [41.84.249.88] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.249.88/; sid:900609268; rev:1;) alert tcp $HOME_NET any -> [191.112.21.157] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.112.21.157/; sid:900609269; rev:1;) alert tcp $HOME_NET any -> [144.91.78.55] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/144.91.78.55/; sid:900609270; rev:1;) alert tcp $HOME_NET any -> [172.105.226.75] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.226.75/; sid:900609271; rev:1;) alert tcp $HOME_NET any -> [167.86.75.145] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.86.75.145/; sid:900609272; rev:1;) alert tcp $HOME_NET any -> [37.187.114.15] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.114.15/; sid:900609273; rev:1;) alert tcp $HOME_NET any -> [190.107.19.179] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.107.19.179/; sid:900609274; rev:1;) alert tcp $HOME_NET any -> [122.118.131.132] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.118.131.132/; sid:900609275; rev:1;) alert tcp $HOME_NET any -> [222.169.71.98] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.169.71.98/; sid:900609276; rev:1;) alert tcp $HOME_NET any -> [185.62.57.182] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/185.62.57.182/; sid:900609277; rev:1;) alert tcp $HOME_NET any -> [185.250.148.136] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.250.148.136/; sid:900609278; rev:1;) alert tcp $HOME_NET any -> [158.69.98.105] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.69.98.105/; sid:900609279; rev:1;) alert tcp $HOME_NET any -> [86.97.247.161] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.247.161/; sid:900609280; rev:1;) alert tcp $HOME_NET any -> [86.97.247.161] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.247.161/; sid:900609281; rev:1;) alert tcp $HOME_NET any -> [146.70.124.77] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.124.77/; sid:900609282; rev:1;) alert tcp $HOME_NET any -> [187.208.115.219] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.208.115.219/; sid:900609283; rev:1;) alert tcp $HOME_NET any -> [177.156.75.107] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/177.156.75.107/; sid:900609284; rev:1;) alert tcp $HOME_NET any -> [187.250.202.2] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.250.202.2/; sid:900609285; rev:1;) alert tcp $HOME_NET any -> [69.63.64.48] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.63.64.48/; sid:900609286; rev:1;) alert tcp $HOME_NET any -> [201.73.143.120] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.73.143.120/; sid:900609287; rev:1;) alert tcp $HOME_NET any -> [154.56.0.252] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.252/; sid:900609288; rev:1;) alert tcp $HOME_NET any -> [104.168.219.94] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.219.94/; sid:900609289; rev:1;) alert tcp $HOME_NET any -> [45.153.241.187] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.241.187/; sid:900609290; rev:1;) alert tcp $HOME_NET any -> [183.87.16.11] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/183.87.16.11/; sid:900609291; rev:1;) alert tcp $HOME_NET any -> [31.215.69.187] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.69.187/; sid:900609292; rev:1;) alert tcp $HOME_NET any -> [31.215.214.175] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.214.175/; sid:900609293; rev:1;) alert tcp $HOME_NET any -> [146.19.173.186] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.186/; sid:900609294; rev:1;) alert tcp $HOME_NET any -> [145.239.28.110] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.28.110/; sid:900609295; rev:1;) alert tcp $HOME_NET any -> [45.84.0.13] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.84.0.13/; sid:900609296; rev:1;) alert tcp $HOME_NET any -> [39.44.83.200] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.83.200/; sid:900609297; rev:1;) alert tcp $HOME_NET any -> [78.189.136.231] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/78.189.136.231/; sid:900609298; rev:1;) alert tcp $HOME_NET any -> [197.89.21.195] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.21.195/; sid:900609299; rev:1;) alert tcp $HOME_NET any -> [54.37.136.187] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.136.187/; sid:900609300; rev:1;) alert tcp $HOME_NET any -> [206.189.40.42] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.189.40.42/; sid:900609301; rev:1;) alert tcp $HOME_NET any -> [135.148.6.80] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/135.148.6.80/; sid:900609302; rev:1;) alert tcp $HOME_NET any -> [139.162.113.169] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.113.169/; sid:900609303; rev:1;) alert tcp $HOME_NET any -> [146.70.124.90] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.124.90/; sid:900609304; rev:1;) alert tcp $HOME_NET any -> [185.62.58.209] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/185.62.58.209/; sid:900609305; rev:1;)
# Reviewer notes for sid 900609306-900609325 (one rule per line below):
# - Each rule matches only on direction ($HOME_NET -> one destination IP) and TCP port.
#   There is no content, TLS or flow keyword, so a hit means "an internal host sent TCP
#   traffic to this address", not "this family's protocol was observed". Without a
#   flow:established condition, a SYN that is never answered can also raise the alert.
# - threshold: type limit, track by_src, seconds 60, count 1 emits at most one alert per
#   source address per 60 seconds per rule. Alert volume therefore understates connection
#   volume; take beaconing frequency from flow or firewall logs.
# - The family name in msg is the tracker's attribution for the address. The file header
#   marks this as the "Aggresive" variant, last updated 2024-08-23 12:01:06 UTC. Check the
#   per-host reference URL for the current status of an entry, and corroborate with host,
#   DNS or proxy evidence before containment; IP addresses can be shared or reassigned.
alert tcp $HOME_NET any -> [154.56.0.100] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.100/; sid:900609306; rev:1;)
alert tcp $HOME_NET any -> [46.101.234.246] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.234.246/; sid:900609307; rev:1;)
alert tcp $HOME_NET any -> [77.72.149.48] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.72.149.48/; sid:900609308; rev:1;)
alert tcp $HOME_NET any -> [192.236.192.164] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.192.164/; sid:900609309; rev:1;)
alert tcp $HOME_NET any -> [154.56.0.102] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.102/; sid:900609310; rev:1;)
alert tcp $HOME_NET any -> [154.56.0.248] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.248/; sid:900609311; rev:1;)
alert tcp $HOME_NET any -> [83.110.91.151] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.91.151/; sid:900609312; rev:1;)
alert tcp $HOME_NET any -> [45.153.241.234] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.241.234/; sid:900609313; rev:1;)
alert tcp $HOME_NET any -> [146.19.173.105] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.105/; sid:900609314; rev:1;)
alert tcp $HOME_NET any -> [142.11.216.143] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.216.143/; sid:900609315; rev:1;)
alert tcp $HOME_NET any -> [51.210.158.156] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.210.158.156/; sid:900609316; rev:1;)
alert tcp $HOME_NET any -> [146.70.125.122] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.125.122/; sid:900609317; rev:1;)
alert tcp $HOME_NET any -> [45.76.181.158] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.181.158/; sid:900609318; rev:1;)
alert tcp $HOME_NET any -> [45.138.172.246] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.138.172.246/; sid:900609319; rev:1;)
alert tcp $HOME_NET any -> [146.19.173.233] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.233/; sid:900609320; rev:1;)
alert tcp $HOME_NET any -> [145.239.30.73] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.30.73/; sid:900609321; rev:1;)
alert tcp $HOME_NET any -> [213.226.100.95] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.226.100.95/; sid:900609322; rev:1;)
alert tcp $HOME_NET any -> [85.239.33.172] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.239.33.172/; sid:900609323; rev:1;)
alert tcp $HOME_NET any -> [213.232.235.90] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.232.235.90/; sid:900609324; rev:1;)
alert tcp $HOME_NET any -> [37.221.67.104] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.221.67.104/; sid:900609325; rev:1;)
alert tcp $HOME_NET any -> [146.70.124.116] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, 
feodotracker.abuse.ch/browse/host/146.70.124.116/; sid:900609326; rev:1;) alert tcp $HOME_NET any -> [185.62.56.181] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traf