################################################################
# abuse.ch Feodo Tracker Suricata / Snort Ruleset (Aggresive)  #
# Last updated: 2021-04-09 20:48:35 UTC                        #
#                                                              #
# Terms Of Use: https://feodotracker.abuse.ch/blocklist/       #
# For questions please contact feodotracker [at] abuse.ch      #
################################################################
#
alert tcp $HOME_NET any -> [67.213.75.205] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.213.75.205/; sid:900605001; rev:1;)
alert tcp $HOME_NET any -> [192.73.238.101] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.73.238.101/; sid:900605002; rev:1;)
alert tcp $HOME_NET any -> [51.178.161.32] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.178.161.32/; sid:900605003; rev:1;)
alert tcp $HOME_NET any -> [194.58.98.196] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.58.98.196/; sid:900605004; rev:1;)
alert tcp $HOME_NET any -> [142.4.6.57] 14043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.4.6.57/; sid:900605005; rev:1;)
alert tcp $HOME_NET any -> [64.225.35.35] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.225.35.35/; sid:900605006; rev:1;)
alert tcp $HOME_NET any -> [195.159.28.230] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.159.28.230/; sid:900605007; rev:1;)
alert tcp $HOME_NET any -> [103.110.53.174] 449 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.110.53.174/; sid:900605008; rev:1;)
alert tcp $HOME_NET any -> [93.186.200.154] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.186.200.154/; sid:900605009; rev:1;)
alert tcp $HOME_NET any -> [162.144.127.197] 3786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.127.197/; sid:900605010; rev:1;)
alert tcp $HOME_NET any -> [103.61.101.11] 449 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.61.101.11/; sid:900605011; rev:1;)
alert tcp $HOME_NET any -> [5.9.178.143] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.9.178.143/; sid:900605012; rev:1;)
alert tcp $HOME_NET any -> [37.139.2.140] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.139.2.140/; sid:900605013; rev:1;)
alert tcp $HOME_NET any -> [49.212.179.180] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.212.179.180/; sid:900605014; rev:1;)
alert tcp $HOME_NET any -> [23.160.192.125] 447 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.192.125/; sid:900605016; rev:1;)
alert tcp $HOME_NET any -> [195.231.69.151] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.231.69.151/; sid:900605018; rev:1;)
alert tcp $HOME_NET any -> [221.126.244.72] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.126.244.72/; sid:900605019; rev:1;)
alert tcp $HOME_NET any -> [157.7.166.26] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.7.166.26/; sid:900605020; rev:1;)
alert tcp $HOME_NET any -> [212.129.24.83] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.129.24.83/; sid:900605021; rev:1;)
alert tcp $HOME_NET any -> [208.71.173.207] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.71.173.207/; sid:900605022; rev:1;)
alert tcp $HOME_NET any -> [80.86.91.27] 3308 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.86.91.27/; sid:900605023; rev:1;)
alert tcp $HOME_NET any -> [5.100.228.233] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.100.228.233/; sid:900605024; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.37] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.37/; sid:900605025; rev:1;)
alert tcp $HOME_NET any -> [46.105.131.65] 1512 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.131.65/; sid:900605026; rev:1;)
alert tcp $HOME_NET any -> [69.64.62.4] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.64.62.4/; sid:900605027; rev:1;)
alert tcp $HOME_NET any -> [162.241.44.26] 9443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.44.26/; sid:900605028; rev:1;)
alert tcp $HOME_NET any -> [111.230.104.169] 3388 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.230.104.169/; sid:900605029; rev:1;)
alert tcp $HOME_NET any -> [217.79.184.243] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.79.184.243/; sid:900605030; rev:1;)
alert tcp $HOME_NET any -> [194.150.118.7] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.150.118.7/; sid:900605031; rev:1;)
alert tcp $HOME_NET any -> [199.66.90.63] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.66.90.63/; sid:900605035; rev:1;)
alert tcp $HOME_NET any -> [81.169.224.222] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.169.224.222/; sid:900605036; rev:1;)
alert tcp $HOME_NET any -> [62.75.168.106] 3886 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.168.106/; sid:900605037; rev:1;)
alert tcp $HOME_NET any -> [82.165.152.127] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.165.152.127/; sid:900605038; rev:1;)
alert tcp $HOME_NET any -> [178.254.40.132] 691 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.40.132/; sid:900605039; rev:1;)
alert tcp $HOME_NET any -> [216.172.165.70] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.172.165.70/; sid:900605041; rev:1;)
alert tcp $HOME_NET any -> [85.207.13.169] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.207.13.169/; sid:900605043; rev:1;)
alert tcp $HOME_NET any -> [104.131.164.93] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.164.93/; sid:900605045; rev:1;)
alert tcp $HOME_NET any -> [46.101.90.205] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.90.205/; sid:900605046; rev:1;)
alert tcp $HOME_NET any -> [123.206.58.135] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.206.58.135/; sid:900605047; rev:1;)
alert tcp $HOME_NET any -> [94.126.8.2] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.126.8.2/; sid:900605054; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.39] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.39/; sid:900605055; rev:1;)
alert tcp $HOME_NET any -> [78.47.139.43] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.47.139.43/; sid:900605056; rev:1;)
alert tcp $HOME_NET any -> [89.174.36.41] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.174.36.41/; sid:900605057; rev:1;)
alert tcp $HOME_NET any -> [169.255.216.36] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.255.216.36/; sid:900605058; rev:1;)
alert tcp $HOME_NET any -> [193.90.12.122] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.90.12.122/; sid:900605059; rev:1;)
alert tcp $HOME_NET any -> [103.40.116.68] 5443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.40.116.68/; sid:900605063; rev:1;)
alert tcp $HOME_NET any -> [67.79.105.174] 3786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.79.105.174/; sid:900605065; rev:1;)
alert tcp $HOME_NET any -> [45.79.226.106] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.226.106/; sid:900605066; rev:1;)
alert tcp $HOME_NET any -> [2.58.16.89] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.58.16.89/; sid:900605067; rev:1;)
alert tcp $HOME_NET any -> [27.254.174.93] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.254.174.93/; sid:900605068; rev:1;)
alert tcp $HOME_NET any -> [178.254.22.25] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.22.25/; sid:900605069; rev:1;)
alert tcp $HOME_NET any -> [45.56.127.75] 49160 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.56.127.75/; sid:900605070; rev:1;)
alert tcp $HOME_NET any -> [103.41.110.115] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.41.110.115/; sid:900605071; rev:1;)
alert tcp $HOME_NET any -> [209.59.199.129] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.59.199.129/; sid:900605072; rev:1;)
alert tcp $HOME_NET any -> [54.38.143.246] 691 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.143.246/; sid:900605073; rev:1;)
alert tcp $HOME_NET any -> [153.122.13.133] 1443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.122.13.133/; sid:900605074; rev:1;)
alert tcp $HOME_NET any -> [142.93.181.37] 981 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.181.37/; sid:900605075; rev:1;)
alert tcp $HOME_NET any -> [92.38.128.47] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.128.47/; sid:900605076; rev:1;)
alert tcp $HOME_NET any -> [188.165.17.91] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.17.91/; sid:900605077; rev:1;)
alert tcp $HOME_NET any -> [188.40.34.210] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.40.34.210/; sid:900605078; rev:1;)
alert tcp $HOME_NET any -> [195.159.28.229] 981 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.159.28.229/; sid:900605079; rev:1;)
alert tcp $HOME_NET any -> [178.62.23.64] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.62.23.64/; sid:900605081; rev:1;)
alert tcp $HOME_NET any -> [167.99.158.82] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.99.158.82/; sid:900605082; rev:1;)
alert tcp $HOME_NET any -> [103.244.206.74] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.244.206.74/; sid:900605083; rev:1;)
alert tcp $HOME_NET any -> [193.90.12.121] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.90.12.121/; sid:900605084; rev:1;)
alert tcp $HOME_NET any -> [162.241.204.233] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.204.233/; sid:900605085; rev:1;)
alert tcp $HOME_NET any -> [138.122.143.40] 8043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.122.143.40/; sid:900605086; rev:1;)
alert tcp $HOME_NET any -> [198.57.200.100] 3786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.57.200.100/; sid:900605087; rev:1;)
alert tcp $HOME_NET any -> [175.126.167.148] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.126.167.148/; sid:900605088; rev:1;)
alert tcp $HOME_NET any -> [85.25.109.116] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.25.109.116/; sid:900605089; rev:1;)
alert tcp $HOME_NET any -> [185.59.223.86] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.59.223.86/; sid:900605090; rev:1;)
alert tcp $HOME_NET any -> [87.106.89.36] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.89.36/; sid:900605091; rev:1;)
alert tcp $HOME_NET any -> [51.15.176.55] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.15.176.55/; sid:900605092; rev:1;)
alert tcp $HOME_NET any -> [27.254.174.84] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.254.174.84/; sid:900605093; rev:1;)
alert tcp $HOME_NET any -> [172.86.186.22] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.86.186.22/; sid:900605094; rev:1;)
alert tcp $HOME_NET any -> [62.138.14.216] 3074 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.138.14.216/; sid:900605095; rev:1;)
alert tcp $HOME_NET any -> [46.4.83.131] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.4.83.131/; sid:900605096; rev:1;)
alert tcp $HOME_NET any -> [213.202.229.72] 3074 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.202.229.72/; sid:900605097; rev:1;)
alert tcp $HOME_NET any -> [52.73.70.149] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/52.73.70.149/; sid:900605098; rev:1;)
alert tcp $HOME_NET any -> [8.4.9.152] 3786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.4.9.152/; sid:900605099; rev:1;)
alert tcp $HOME_NET any -> [185.246.87.202] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.246.87.202/; sid:900605100; rev:1;)
alert tcp $HOME_NET any -> [69.16.193.166] 9443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.16.193.166/; sid:900605101; rev:1;)
alert tcp $HOME_NET any -> [217.160.78.166] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.78.166/; sid:900605104; rev:1;)
alert tcp $HOME_NET any -> [45.77.154.161] 1688 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.77.154.161/; sid:900605105; rev:1;)
alert tcp $HOME_NET any -> [69.164.207.140] 3388 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.164.207.140/; sid:900605106; rev:1;)
alert tcp $HOME_NET any -> [46.105.131.78] 14431 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.131.78/; sid:900605107; rev:1;)
alert tcp $HOME_NET any -> [36.89.191.119] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.191.119/; sid:900605108; rev:1;)
alert tcp $HOME_NET any -> [103.61.101.11] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.61.101.11/; sid:900605109; rev:1;)
alert tcp $HOME_NET any -> [23.160.192.125] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.192.125/; sid:900605110; rev:1;)
alert tcp $HOME_NET any -> [107.172.188.113] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.188.113/; sid:900605111; rev:1;)
alert tcp $HOME_NET any -> [5.202.150.151] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.202.150.151/; sid:900605112; rev:1;)
alert tcp $HOME_NET any -> [103.150.68.124] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.150.68.124/; sid:900605113; rev:1;)
alert tcp $HOME_NET any -> [185.109.54.99] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.109.54.99/; sid:900605114; rev:1;)
alert tcp $HOME_NET any -> [190.151.130.12] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.151.130.12/; sid:900605115; rev:1;)
alert tcp $HOME_NET any -> [36.94.167.167] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.167.167/; sid:900605116; rev:1;)
alert tcp $HOME_NET any -> [103.61.101.11] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.61.101.11/; sid:900605117; rev:1;)
alert tcp $HOME_NET any -> [45.230.244.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.230.244.20/; sid:900605118; rev:1;)
alert tcp $HOME_NET any -> [58.97.211.3] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.97.211.3/; sid:900605119; rev:1;)
alert tcp $HOME_NET any -> [186.250.157.116] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.250.157.116/; sid:900605120; rev:1;)
alert tcp $HOME_NET any -> [190.214.12.202] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.214.12.202/; sid:900605121; rev:1;)
alert tcp $HOME_NET any -> [23.160.193.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.193.106/; sid:900605123; rev:1;)
alert tcp $HOME_NET any -> [200.52.147.93] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.52.147.93/; sid:900605124; rev:1;)
alert tcp $HOME_NET any -> [45.226.124.226] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.226.124.226/; sid:900605125; rev:1;)
alert tcp $HOME_NET any -> [187.189.99.216] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.189.99.216/; sid:900605126; rev:1;)
alert tcp $HOME_NET any -> [45.148.120.173] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.148.120.173/; sid:900605127; rev:1;)
alert tcp $HOME_NET any -> [45.234.212.234] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.234.212.234/; sid:900605129; rev:1;)
alert tcp $HOME_NET any -> [36.94.113.249] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.113.249/; sid:900605130; rev:1;)
alert tcp $HOME_NET any -> [185.118.15.137] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.118.15.137/; sid:900605131; rev:1;)
alert tcp $HOME_NET any -> [212.126.125.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.126.125.10/; sid:900605132; rev:1;)
alert tcp $HOME_NET any -> [36.89.193.181] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.193.181/; sid:900605136; rev:1;)
alert tcp $HOME_NET any -> [222.124.7.150] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.124.7.150/; sid:900605137; rev:1;)
alert tcp $HOME_NET any -> [36.94.62.207] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.62.207/; sid:900605138; rev:1;)
alert tcp $HOME_NET any -> [45.155.173.196] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.155.173.196/; sid:900605140; rev:1;)
alert tcp $HOME_NET any -> [107.172.29.108] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.29.108/; sid:900605147; rev:1;)
alert tcp $HOME_NET any -> [103.69.216.154] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.69.216.154/; sid:900605148; rev:1;)
alert tcp $HOME_NET any -> [43.245.216.238] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.245.216.238/; sid:900605153; rev:1;)
alert tcp $HOME_NET any -> [5.182.210.24] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.24/; sid:900605156; rev:1;)
alert tcp $HOME_NET any -> [186.137.85.76] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.137.85.76/; sid:900605159; rev:1;)
alert tcp $HOME_NET any -> [182.253.107.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.253.107.34/; sid:900605167; rev:1;)
alert tcp $HOME_NET any -> [103.91.244.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.91.244.50/; sid:900605168; rev:1;)
alert tcp $HOME_NET any -> [177.221.108.198] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.221.108.198/; sid:900605171; rev:1;)
alert tcp $HOME_NET any -> [104.161.32.108] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.161.32.108/; sid:900605172; rev:1;)
alert tcp $HOME_NET any -> [50.116.111.64] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.111.64/; sid:900605173; rev:1;)
alert tcp $HOME_NET any -> [185.184.25.234] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.184.25.234/; sid:900605174; rev:1;)
alert tcp $HOME_NET any -> [194.225.58.214] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.225.58.214/; sid:900605175; rev:1;)
alert tcp $HOME_NET any -> [211.110.44.63] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.110.44.63/; sid:900605176; rev:1;)
alert tcp $HOME_NET any -> [85.204.116.83] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.83/; sid:900605178; rev:1;)
alert tcp $HOME_NET any -> [83.151.14.13] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.151.14.13/; sid:900605179; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.40] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.40/; sid:900605200; rev:1;)
alert tcp $HOME_NET any -> [12.175.220.98] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.175.220.98/; sid:900605201; rev:1;)
alert tcp $HOME_NET any -> [24.178.90.49] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.178.90.49/; sid:900605202; rev:1;)
alert tcp $HOME_NET any -> [75.127.14.170] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.127.14.170/; sid:900605203; rev:1;)
alert tcp $HOME_NET any -> [175.103.38.146] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.103.38.146/; sid:900605204; rev:1;)
alert tcp $HOME_NET any -> [69.49.88.46] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.49.88.46/; sid:900605205; rev:1;)
alert tcp $HOME_NET any -> [167.114.153.111] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.114.153.111/; sid:900605206; rev:1;)
alert tcp $HOME_NET any -> [194.190.67.75] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.190.67.75/; sid:900605207; rev:1;)
alert tcp $HOME_NET any -> [61.19.246.238] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.19.246.238/; sid:900605208; rev:1;)
alert tcp $HOME_NET any -> [95.9.5.93] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.9.5.93/; sid:900605209; rev:1;)
alert tcp $HOME_NET any -> [200.116.145.225] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.145.225/; sid:900605210; rev:1;)
alert tcp $HOME_NET any -> [115.94.207.99] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.94.207.99/; sid:900605211; rev:1;)
alert tcp $HOME_NET any -> [81.214.253.80] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.214.253.80/; sid:900605212; rev:1;)
alert tcp $HOME_NET any -> [220.245.198.194] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.245.198.194/; sid:900605213; rev:1;)
alert tcp $HOME_NET any -> [120.150.60.189] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.60.189/; sid:900605214; rev:1;)
alert tcp $HOME_NET any -> [110.142.236.207] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.142.236.207/; sid:900605215; rev:1;)
alert tcp $HOME_NET any -> [12.163.208.58] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.163.208.58/; sid:900605216; rev:1;)
alert tcp $HOME_NET any -> [81.215.230.173] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.215.230.173/; sid:900605217; rev:1;)
alert tcp $HOME_NET any -> [60.93.23.51] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.93.23.51/; sid:900605219; rev:1;)
alert tcp $HOME_NET any -> [78.90.78.210] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.90.78.210/; sid:900605220; rev:1;)
alert tcp $HOME_NET any -> [177.23.7.151] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.23.7.151/; sid:900605221; rev:1;)
alert tcp $HOME_NET any -> [161.49.84.2] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.49.84.2/; sid:900605222; rev:1;)
alert tcp $HOME_NET any -> [85.105.111.166] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.111.166/; sid:900605223; rev:1;)
alert tcp $HOME_NET any -> [65.32.168.171] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.32.168.171/; sid:900605224; rev:1;)
alert tcp $HOME_NET any -> [64.207.182.168] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.207.182.168/; sid:900605225; rev:1;)
alert tcp $HOME_NET any -> [120.150.218.241] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.218.241/; sid:900605226; rev:1;)
alert tcp $HOME_NET any -> [172.125.40.123] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.125.40.123/; sid:900605227; rev:1;)
alert tcp $HOME_NET any -> [45.16.226.117] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.16.226.117/; sid:900605228; rev:1;)
alert tcp $HOME_NET any -> [110.37.224.243] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.37.224.243/; sid:900605229; rev:1;)
alert tcp $HOME_NET any -> [103.93.220.182] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.93.220.182/; sid:900605231; rev:1;)
alert tcp $HOME_NET any -> [91.75.75.46] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.75.75.46/; sid:900605232; rev:1;)
alert tcp $HOME_NET any -> [185.201.9.197] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.201.9.197/; sid:900605233; rev:1;)
alert tcp $HOME_NET any -> [163.53.204.180] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.53.204.180/; sid:900605234; rev:1;)
alert tcp $HOME_NET any -> [203.157.152.9] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.157.152.9/; sid:900605235; rev:1;)
alert tcp $HOME_NET any -> [185.208.226.142] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.208.226.142/; sid:900605236; rev:1;)
alert tcp $HOME_NET any -> [190.85.46.52] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.46.52/; sid:900605238; rev:1;)
alert tcp $HOME_NET any -> [188.165.214.98] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.214.98/; sid:900605239; rev:1;)
alert tcp $HOME_NET any -> [50.116.111.59] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.111.59/; sid:900605240; rev:1;)
alert tcp $HOME_NET any -> [190.103.228.24] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.103.228.24/; sid:900605243; rev:1;)
alert tcp $HOME_NET any -> [80.15.100.37] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.15.100.37/; sid:900605244; rev:1;)
alert tcp $HOME_NET any -> [117.2.139.117] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.2.139.117/; sid:900605245; rev:1;)
alert tcp $HOME_NET any -> [152.170.79.100] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.170.79.100/; sid:900605246; rev:1;)
alert tcp $HOME_NET any -> [211.215.18.93] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.215.18.93/; sid:900605247; rev:1;)
alert tcp $HOME_NET any -> [187.162.248.237] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.162.248.237/; sid:900605248; rev:1;)
alert tcp $HOME_NET any -> [110.39.160.38] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.39.160.38/; sid:900605249; rev:1;)
alert tcp $HOME_NET any -> [213.52.74.198] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.52.74.198/; sid:900605250; rev:1;)
alert tcp $HOME_NET any -> [37.187.72.193] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.72.193/; sid:900605251; rev:1;)
alert tcp $HOME_NET any -> [24.179.13.119] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.179.13.119/; sid:900605252; rev:1;)
alert tcp $HOME_NET any -> [121.124.124.40] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.124.124.40/; sid:900605253; rev:1;)
alert tcp $HOME_NET any -> [12.162.84.2] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.162.84.2/; sid:900605254; rev:1;)
alert tcp $HOME_NET any -> [206.189.232.2] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.189.232.2/; sid:900605255; rev:1;)
alert tcp $HOME_NET any -> [51.89.36.180] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.36.180/; sid:900605256; rev:1;)
alert tcp $HOME_NET any -> [132.248.38.158] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.248.38.158/; sid:900605257; rev:1;)
alert tcp $HOME_NET any -> [75.177.207.146] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.177.207.146/; sid:900605258; rev:1;)
alert tcp $HOME_NET any -> [74.40.205.197] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.40.205.197/; sid:900605259; rev:1;)
alert tcp $HOME_NET any -> [62.84.75.50] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.84.75.50/; sid:900605260; rev:1;)
alert tcp $HOME_NET any -> [46.105.114.137] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.114.137/; sid:900605261; rev:1;)
alert tcp $HOME_NET any -> [109.99.146.210] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.99.146.210/; sid:900605262; rev:1;)
alert tcp $HOME_NET any -> [104.236.52.89] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.52.89/; sid:900605263; rev:1;)
alert tcp $HOME_NET any -> [223.17.215.76] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/223.17.215.76/; sid:900605264; rev:1;)
alert tcp $HOME_NET any -> [180.148.4.130] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.148.4.130/; sid:900605265; rev:1;)
alert tcp $HOME_NET any -> [50.116.78.109] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.78.109/; sid:900605266; rev:1;)
alert tcp $HOME_NET any -> [115.21.224.117] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.21.224.117/; sid:900605268; rev:1;)
alert tcp $HOME_NET any -> [202.79.24.136] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.79.24.136/; sid:900605269; rev:1;)
alert tcp $HOME_NET any -> [181.30.61.163] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.30.61.163/; sid:900605271; rev:1;)
alert tcp $HOME_NET any -> [110.172.180.180] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.172.180.180/; sid:900605273; rev:1;)
alert tcp $HOME_NET any -> [70.92.118.112] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.92.118.112/; sid:900605274; rev:1;)
alert tcp $HOME_NET any -> [59.21.235.119] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.21.235.119/; sid:900605275; rev:1;)
alert tcp $HOME_NET any -> [195.159.28.244] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.159.28.244/; sid:900605276; rev:1;)
alert tcp $HOME_NET any -> [152.231.89.226] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.231.89.226/; sid:900605277; rev:1;)
alert tcp $HOME_NET any -> [110.39.162.2] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.39.162.2/; sid:900605278; rev:1;)
alert tcp $HOME_NET any -> [93.146.143.191] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.146.143.191/; sid:900605279; rev:1;)
alert tcp $HOME_NET any -> [172.245.248.239] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.248.239/; sid:900605280; rev:1;)
alert tcp $HOME_NET any -> [80.249.176.206] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.249.176.206/; sid:900605281; rev:1;)
alert tcp $HOME_NET any -> [110.145.11.73] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.145.11.73/; sid:900605282; rev:1;)
alert tcp $HOME_NET any -> [191.223.36.170] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.223.36.170/; sid:900605283; rev:1;)
alert tcp $HOME_NET any -> [82.145.43.153] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.145.43.153/; sid:900605284; rev:1;)
alert tcp $HOME_NET any -> [24.230.124.78] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.230.124.78/; sid:900605285; rev:1;)
alert tcp $HOME_NET any -> [110.145.101.66] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.145.101.66/; sid:900605286; rev:1;)
alert tcp $HOME_NET any -> [75.109.111.18] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.109.111.18/; sid:900605287; rev:1;)
alert tcp $HOME_NET any -> [175.207.12.52] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.207.12.52/; sid:900605288; rev:1;)
alert tcp $HOME_NET any -> [109.116.245.80] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.116.245.80/; sid:900605289; rev:1;)
alert tcp $HOME_NET any -> [45.230.228.26] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.230.228.26/; sid:900605290; rev:1;)
alert tcp $HOME_NET any -> [143.0.85.206] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.0.85.206/; sid:900605291; rev:1;)
alert tcp $HOME_NET any -> [190.210.246.253] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.246.253/; sid:900605292; rev:1;)
alert tcp $HOME_NET any -> [47.144.21.37] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.144.21.37/; sid:900605294; rev:1;)
alert tcp $HOME_NET any -> [181.165.68.127] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.165.68.127/; sid:900605295; rev:1;)
alert tcp $HOME_NET any -> [24.164.79.147] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.164.79.147/; sid:900605296; rev:1;)
alert tcp $HOME_NET any -> [139.5.101.203] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.5.101.203/; sid:900605297; rev:1;)
alert tcp $HOME_NET any -> [190.162.232.138] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.162.232.138/; sid:900605298; rev:1;)
alert tcp $HOME_NET any -> [93.149.120.214] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.149.120.214/; sid:900605299; rev:1;)
alert tcp $HOME_NET any -> [217.160.19.232] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.19.232/; sid:900605300; rev:1;)
alert tcp $HOME_NET any -> [31.27.59.105] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.27.59.105/; sid:900605301; rev:1;)
alert tcp $HOME_NET any -> [152.169.22.67] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.169.22.67/; sid:900605303; rev:1;)
alert tcp $HOME_NET any -> [2.82.75.215] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.82.75.215/; sid:900605304; rev:1;)
alert tcp $HOME_NET any -> [197.211.245.21] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.211.245.21/; sid:900605305; rev:1;)
alert tcp $HOME_NET any -> [118.83.154.64] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.83.154.64/; sid:900605306; rev:1;)
alert tcp $HOME_NET any -> [201.185.69.28] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.185.69.28/; sid:900605307; rev:1;)
alert tcp $HOME_NET any -> [177.85.167.10] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.85.167.10/; sid:900605308; rev:1;)
alert tcp $HOME_NET any -> [190.251.200.206] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.251.200.206/; sid:900605309; rev:1;)
alert tcp $HOME_NET any -> [51.38.71.84] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.38.71.84/; sid:900605310; rev:1;)
alert tcp $HOME_NET any -> [201.163.74.204] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.163.74.204/; sid:900605311; rev:1;)
alert tcp $HOME_NET any -> [82.208.146.142] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.208.146.142/; sid:900605312; rev:1;)
alert tcp $HOME_NET any -> [89.106.251.163] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.106.251.163/; sid:900605313; rev:1;)
alert tcp $HOME_NET any -> [78.189.148.42] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.148.42/; sid:900605314; rev:1;)
alert tcp $HOME_NET any -> [167.99.105.11] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.99.105.11/; sid:900605315; rev:1;)
alert tcp $HOME_NET any -> [190.19.169.69] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.19.169.69/; sid:900605316; rev:1;)
alert tcp $HOME_NET any -> [70.183.211.3] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.183.211.3/; sid:900605317; rev:1;)
alert tcp $HOME_NET any -> [180.222.161.85] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.222.161.85/; sid:900605318; rev:1;)
alert tcp $HOME_NET any -> [75.113.193.72] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.113.193.72/; sid:900605319; rev:1;)
alert tcp $HOME_NET any -> [91.233.197.70] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.233.197.70/; sid:900605320; rev:1;)
alert tcp $HOME_NET any -> [78.182.254.231] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.182.254.231/; sid:900605321; rev:1;)
alert tcp $HOME_NET any -> [201.212.61.66] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.61.66/; sid:900605322; rev:1;)
alert tcp $HOME_NET any -> [200.75.39.254] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.75.39.254/; sid:900605324; rev:1;)
alert tcp $HOME_NET any -> [191.241.233.198] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.241.233.198/; sid:900605325; rev:1;)
alert tcp $HOME_NET any -> [105.209.235.113] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.209.235.113/; sid:900605326; rev:1;)
alert tcp $HOME_NET any -> [190.251.216.100] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.251.216.100/; sid:900605327; rev:1;)
alert tcp $HOME_NET any -> [190.45.24.210] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.45.24.210/; sid:900605328; rev:1;)
alert tcp $HOME_NET any -> [82.48.39.246] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.48.39.246/; sid:900605329; rev:1;)
alert tcp $HOME_NET any -> [190.64.88.186] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.64.88.186/; sid:900605330; rev:1;)
alert tcp $HOME_NET any -> [187.161.206.24] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.161.206.24/; sid:900605331; rev:1;)
alert tcp $HOME_NET any -> [186.96.170.61] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.96.170.61/; sid:900605332; rev:1;)
alert tcp $HOME_NET any -> [93.146.48.84] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.146.48.84/; sid:900605333; rev:1;)
alert tcp $HOME_NET any -> [161.0.153.60] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.0.153.60/; sid:900605334; rev:1;)
alert tcp $HOME_NET any -> [120.51.34.254] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.51.34.254/; sid:900605335; rev:1;)
alert tcp $HOME_NET any -> [203.160.167.243] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.160.167.243/; sid:900605336; rev:1;)
alert tcp $HOME_NET any -> [185.183.16.47] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.16.47/; sid:900605337; rev:1;)
alert tcp $HOME_NET any -> [78.188.225.105] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.225.105/; sid:900605338; rev:1;)
alert tcp $HOME_NET any -> [27.78.27.110] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.78.27.110/; sid:900605339; rev:1;)
alert tcp $HOME_NET any -> [152.32.75.74] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.32.75.74/; sid:900605340; rev:1;)
alert tcp $HOME_NET any -> [82.78.179.117] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.78.179.117/; sid:900605341; rev:1;)
alert tcp $HOME_NET any -> [115.79.195.246] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.79.195.246/; sid:900605342; rev:1;)
alert tcp $HOME_NET any -> [49.206.16.156] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.206.16.156/; sid:900605343; rev:1;)
alert tcp $HOME_NET any -> [122.116.104.238] 8443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.116.104.238/; sid:900605344; rev:1;)
alert tcp $HOME_NET any -> [109.101.137.162] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.101.137.162/; sid:900605345; rev:1;)
alert tcp $HOME_NET any -> [190.55.186.229] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.55.186.229/; sid:900605346; rev:1;)
alert tcp $HOME_NET any -> [209.33.120.130] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.33.120.130/; sid:900605347; rev:1;)
alert tcp $HOME_NET any -> [217.160.169.110] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.169.110/; sid:900605348; rev:1;)
alert tcp $HOME_NET any -> [51.255.203.164] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.255.203.164/; sid:900605349; rev:1;)
alert tcp $HOME_NET any -> [84.232.229.24] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.232.229.24/; sid:900605350; rev:1;)
alert tcp $HOME_NET any -> [201.48.121.65] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.48.121.65/; sid:900605351; rev:1;)
alert tcp $HOME_NET any -> [85.105.239.184] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.239.184/; sid:900605352; rev:1;)
alert tcp $HOME_NET any -> [108.53.88.101] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.53.88.101/; sid:900605353; rev:1;)
alert tcp $HOME_NET any -> [79.130.130.240] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.130.130.240/; sid:900605354; rev:1;)
alert tcp $HOME_NET any -> [195.159.28.230] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.159.28.230/; sid:900605355; rev:1;)
alert tcp $HOME_NET any -> [98.109.133.80] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.109.133.80/; sid:900605356; rev:1;)
alert tcp $HOME_NET any -> [181.10.46.92] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.10.46.92/; sid:900605357; rev:1;)
alert tcp $HOME_NET any -> [71.72.196.159] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.72.196.159/; sid:900605358; rev:1;)
alert tcp $HOME_NET any -> [24.69.65.8] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.69.65.8/; sid:900605359; rev:1;)
alert tcp $HOME_NET any -> [95.76.153.115] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.76.153.115/; sid:900605360; rev:1;)
alert tcp $HOME_NET any -> [197.232.36.108] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.232.36.108/; sid:900605361; rev:1;)
alert tcp $HOME_NET any -> [190.18.184.113] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.18.184.113/; sid:900605362; rev:1;)
alert tcp $HOME_NET any -> [69.38.130.14] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.38.130.14/; sid:900605363; rev:1;)
alert tcp $HOME_NET any -> [172.193.14.201] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.193.14.201/; sid:900605364; rev:1;)
alert tcp $HOME_NET any -> [88.58.209.2] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.58.209.2/; sid:900605366; rev:1;)
alert tcp $HOME_NET any -> [186.146.229.172] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.146.229.172/; sid:900605367; rev:1;)
alert tcp $HOME_NET any -> [188.135.15.49] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.135.15.49/; sid:900605368; rev:1;)
alert tcp $HOME_NET any -> [50.91.114.38] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.91.114.38/; sid:900605369; rev:1;)
alert tcp $HOME_NET any -> [181.171.209.241] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.171.209.241/; sid:900605370; rev:1;)
alert tcp $HOME_NET any -> [85.105.205.77] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.205.77/; sid:900605371; rev:1;)
alert tcp $HOME_NET any -> [123.176.25.234] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.176.25.234/; sid:900605372; rev:1;)
alert tcp $HOME_NET any -> [91.90.88.5] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.90.88.5/; sid:900605373; rev:1;)
alert tcp $HOME_NET any -> [122.116.104.238] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.116.104.238/; sid:900605374; rev:1;)
alert tcp $HOME_NET any -> [78.206.229.130] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.206.229.130/; sid:900605375; rev:1;)
alert tcp $HOME_NET any -> [79.133.6.236] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.133.6.236/; sid:900605376; rev:1;)
alert tcp $HOME_NET any -> [190.240.194.77] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.240.194.77/; sid:900605377; rev:1;)
alert tcp $HOME_NET any -> [154.127.113.242] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.127.113.242/; sid:900605378; rev:1;)
alert tcp $HOME_NET any -> [45.33.94.33] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.94.33/; sid:900605379; rev:1;)
alert tcp $HOME_NET any -> [159.89.91.92] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.89.91.92/; sid:900605380; rev:1;)
alert tcp $HOME_NET any -> [97.107.127.161] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.107.127.161/; sid:900605381; rev:1;)
alert tcp $HOME_NET any -> [158.69.118.130] 1443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.69.118.130/; sid:900605382; rev:1;)
alert tcp $HOME_NET any -> [142.44.247.57] 4043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.44.247.57/; sid:900605384; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.140] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.140/; sid:900605385; rev:1;)
alert tcp $HOME_NET any -> [59.148.253.194] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.148.253.194/; sid:900605386; rev:1;)
alert tcp $HOME_NET any -> [94.23.45.86] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.45.86/; sid:900605387; rev:1;)
alert tcp $HOME_NET any -> [103.86.49.11] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.86.49.11/; sid:900605388; rev:1;)
alert tcp $HOME_NET any -> [51.75.33.120] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.33.120/; sid:900605389; rev:1;)
alert tcp $HOME_NET any -> [85.234.143.94] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.234.143.94/; sid:900605390; rev:1;)
alert tcp $HOME_NET any -> [167.86.68.49] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.86.68.49/; sid:900605391; rev:1;)
alert tcp $HOME_NET any -> [46.105.131.87] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.131.87/; sid:900605392; rev:1;)
alert tcp $HOME_NET any -> [162.243.125.212] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.243.125.212/; sid:900605393; rev:1;)
alert tcp $HOME_NET any -> [104.131.44.150] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.44.150/; sid:900605394; rev:1;)
alert tcp $HOME_NET any -> [104.131.123.136] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.123.136/; sid:900605395; rev:1;)
alert tcp $HOME_NET any -> [162.241.92.219] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.92.219/; sid:900605400; rev:1;)
alert tcp $HOME_NET any -> [72.188.173.74] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.188.173.74/; sid:900605416; rev:1;)
alert tcp $HOME_NET any -> [200.111.198.76] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.111.198.76/; sid:900605417; rev:1;)
alert tcp $HOME_NET any -> [193.90.12.20] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.90.12.20/; sid:900605418; rev:1;)
alert tcp $HOME_NET any -> [185.181.9.76] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.181.9.76/; sid:900605419; rev:1;)
alert tcp $HOME_NET any -> [175.207.13.56] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.207.13.56/; sid:900605420; rev:1;)
alert tcp $HOME_NET any -> [212.129.24.84] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.129.24.84/; sid:900605421; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.131] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.131/; sid:900605424; rev:1;)
alert tcp $HOME_NET any -> [192.99.41.136] 981 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.99.41.136/; sid:900605425; rev:1;)
alert tcp $HOME_NET any -> [5.196.204.251] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.204.251/; sid:900605426; rev:1;)
alert tcp $HOME_NET any -> [24.229.3.146] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.229.3.146/; sid:900605427; rev:1;)
alert tcp $HOME_NET any -> [97.107.127.227] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.107.127.227/; sid:900605430; rev:1;)
alert tcp $HOME_NET any -> [87.106.18.216] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.18.216/; sid:900605431; rev:1;)
alert tcp $HOME_NET any -> [185.184.25.235] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.184.25.235/; sid:900605432; rev:1;)
alert tcp $HOME_NET any -> [41.211.125.59] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.211.125.59/; sid:900605434; rev:1;)
alert tcp $HOME_NET any -> [118.67.216.238] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.67.216.238/; sid:900605435; rev:1;)
alert tcp $HOME_NET any -> [36.94.164.249] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.164.249/; sid:900605436; rev:1;)
alert tcp $HOME_NET any -> [92.242.214.203] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.242.214.203/; sid:900605437; rev:1;)
alert tcp $HOME_NET any -> [103.91.244.102] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.91.244.102/; sid:900605438; rev:1;)
alert tcp $HOME_NET any -> [45.226.124.226] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.226.124.226/; sid:900605439; rev:1;)
alert tcp $HOME_NET any -> [45.234.248.66] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.234.248.66/; sid:900605440; rev:1;)
alert tcp $HOME_NET any -> [177.87.0.7] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.87.0.7/; sid:900605441; rev:1;)
alert tcp $HOME_NET any -> [117.212.193.62] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.212.193.62/; sid:900605442; rev:1;)
alert tcp $HOME_NET any -> [36.89.193.235] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.193.235/; sid:900605443; rev:1;)
alert tcp $HOME_NET any -> [201.184.190.59] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.184.190.59/; sid:900605444; rev:1;)
alert tcp $HOME_NET any -> [179.191.108.58] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.191.108.58/; sid:900605446; rev:1;)
alert tcp $HOME_NET any -> [176.62.180.164] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.62.180.164/; sid:900605447; rev:1;)
alert tcp $HOME_NET any -> [194.5.249.93] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.93/; sid:900605449; rev:1;)
alert tcp $HOME_NET any -> [200.142.124.146] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.142.124.146/; sid:900605450; rev:1;)
alert tcp $HOME_NET any -> [181.211.103.254] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.211.103.254/; sid:900605452; rev:1;)
alert tcp $HOME_NET any -> [103.89.252.130] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.89.252.130/; sid:900605455; rev:1;)
alert tcp $HOME_NET any -> [201.59.167.66] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.59.167.66/; sid:900605457; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.133] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.133/; sid:900605458; rev:1;)
alert tcp $HOME_NET any -> [212.129.24.85] 34443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.129.24.85/; sid:900605459; rev:1;)
alert tcp $HOME_NET any -> [192.241.175.242] 691 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.175.242/; sid:900605460; rev:1;)
alert tcp $HOME_NET any -> [62.14.242.133] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.14.242.133/; sid:900605461; rev:1;)
alert tcp $HOME_NET any -> [45.234.248.154] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.234.248.154/; sid:900605462; rev:1;)
alert tcp $HOME_NET any -> [45.201.134.202] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.201.134.202/; sid:900605464; rev:1;)
alert tcp $HOME_NET any -> [103.94.7.43] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.94.7.43/; sid:900605465; rev:1;)
alert tcp $HOME_NET any -> [46.252.38.244] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.252.38.244/; sid:900605467; rev:1;)
alert tcp $HOME_NET any -> [178.254.40.33] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.40.33/; sid:900605468; rev:1;)
alert tcp $HOME_NET any -> [185.4.132.226] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.4.132.226/; sid:900605469; rev:1;)
alert tcp $HOME_NET any -> [92.60.235.135] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.60.235.135/; sid:900605470; rev:1;)
alert tcp $HOME_NET any -> [159.224.167.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.224.167.102/; sid:900605471; rev:1;)
alert tcp $HOME_NET any -> [95.210.118.90] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.210.118.90/; sid:900605472; rev:1;)
alert tcp $HOME_NET any -> [77.81.247.140] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.81.247.140/; sid:900605474; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.149] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.149/; sid:900605475; rev:1;)
alert tcp $HOME_NET any -> [45.234.248.146] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.234.248.146/; sid:900605476; rev:1;)
alert tcp $HOME_NET any -> [5.189.157.183] 4646 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.157.183/; sid:900605477; rev:1;)
alert tcp $HOME_NET any -> [165.227.155.13] 3308 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.155.13/; sid:900605478; rev:1;)
alert tcp $HOME_NET any -> [128.199.59.13] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.59.13/; sid:900605481; rev:1;)
alert tcp $HOME_NET any -> [178.128.83.165] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.83.165/; sid:900605482; rev:1;)
alert tcp $HOME_NET any -> [94.158.245.54] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.158.245.54/; sid:900605485; rev:1;)
alert tcp $HOME_NET any -> [45.83.129.224] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.83.129.224/; sid:900605486; rev:1;)
alert tcp $HOME_NET any -> [195.123.241.195] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.241.195/; sid:900605487; rev:1;)
alert tcp $HOME_NET any -> [108.170.20.72] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.170.20.72/; sid:900605488; rev:1;)
alert tcp $HOME_NET any -> [134.119.186.201] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.119.186.201/; sid:900605489; rev:1;)
alert tcp $HOME_NET any -> [134.119.186.200] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.119.186.200/; sid:900605491; rev:1;)
alert tcp $HOME_NET any -> [108.170.20.75] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.170.20.75/; sid:900605493; rev:1;)
alert tcp $HOME_NET any -> [94.140.114.136] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.140.114.136/; sid:900605494; rev:1;)
alert tcp $HOME_NET any -> [172.83.155.215] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.83.155.215/; sid:900605495; rev:1;)
alert tcp $HOME_NET any -> [212.227.53.240] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.227.53.240/; sid:900605496; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.132] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.132/; sid:900605497; rev:1;)
alert tcp $HOME_NET any -> [192.241.174.45] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.174.45/; sid:900605498; rev:1;)
alert tcp $HOME_NET any -> [193.8.194.96] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.8.194.96/; sid:900605499; rev:1;)
alert tcp $HOME_NET any -> [185.163.45.138] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.163.45.138/; sid:900605500; rev:1;)
alert tcp $HOME_NET any -> [45.155.173.242] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.155.173.242/; sid:900605501; rev:1;)
alert tcp $HOME_NET any -> [173.203.78.138] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.203.78.138/; sid:900605502; rev:1;)
alert tcp $HOME_NET any -> [217.160.107.189] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.107.189/; sid:900605503; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.150] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.150/; sid:900605504; rev:1;)
alert tcp $HOME_NET any -> [142.202.191.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.202.191.164/; sid:900605506; rev:1;)
alert tcp $HOME_NET any -> [173.255.246.77] 691 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.255.246.77/; sid:900605510; rev:1;)
alert tcp $HOME_NET any -> [185.216.27.185] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.216.27.185/; sid:900605514; rev:1;)
alert tcp $HOME_NET any -> [185.234.72.84] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.234.72.84/; sid:900605517; rev:1;)
alert tcp $HOME_NET any -> [198.1.115.153] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.1.115.153/; sid:900605518; rev:1;)
alert tcp $HOME_NET any -> [209.20.87.138] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.20.87.138/; sid:900605519; rev:1;)
alert tcp $HOME_NET any -> [151.236.29.248] 6516 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.236.29.248/; sid:900605520; rev:1;)
alert tcp $HOME_NET any -> [181.196.245.54] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.196.245.54/; sid:900605524; rev:1;)
alert tcp $HOME_NET any -> [162.13.114.59] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.13.114.59/; sid:900605527; rev:1;)
alert tcp $HOME_NET any -> [37.187.115.122] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.115.122/; sid:900605528; rev:1;)
alert tcp $HOME_NET any -> [70.39.99.196] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.39.99.196/; sid:900605529; rev:1;)
alert tcp $HOME_NET any -> [178.54.230.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.54.230.164/; sid:900605530; rev:1;)
alert tcp $HOME_NET any -> [103.76.20.226] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.76.20.226/; sid:900605531; rev:1;)
alert tcp $HOME_NET any -> [80.78.75.246] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.78.75.246/; sid:900605532; rev:1;)
alert tcp $HOME_NET any -> [154.79.252.132] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.79.252.132/; sid:900605535; rev:1;)
alert tcp $HOME_NET any -> [5.182.210.132] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.132/; sid:900605536; rev:1;)
alert tcp $HOME_NET any -> [80.78.77.116] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.78.77.116/; sid:900605537; rev:1;)
alert tcp $HOME_NET any -> [168.232.188.88] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.232.188.88/; sid:900605538; rev:1;)
alert tcp $HOME_NET any -> [173.81.4.147] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.81.4.147/; sid:900605539; rev:1;)
alert tcp $HOME_NET any -> [202.142.151.190] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.142.151.190/; sid:900605540; rev:1;)
alert tcp $HOME_NET any -> [37.235.230.123] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.235.230.123/; sid:900605545; rev:1;)
alert tcp $HOME_NET any -> [186.195.199.238] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.195.199.238/; sid:900605546; rev:1;)
alert tcp $HOME_NET any -> [177.47.88.62] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.47.88.62/; sid:900605547; rev:1;)
alert tcp $HOME_NET any -> [36.92.93.5] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.92.93.5/; sid:900605548; rev:1;)
alert tcp $HOME_NET any -> [103.146.2.152] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.146.2.152/; sid:900605549; rev:1;)
alert tcp $HOME_NET any -> [182.48.66.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.48.66.106/; sid:900605550; rev:1;)
alert tcp $HOME_NET any -> [36.94.202.131] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.202.131/; sid:900605551; rev:1;)
alert tcp $HOME_NET any -> [179.60.243.52] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.60.243.52/; sid:900605552; rev:1;)
alert tcp $HOME_NET any -> [103.146.185.107] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.146.185.107/; sid:900605556; rev:1;)
alert tcp $HOME_NET any -> [209.151.236.42] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.151.236.42/; sid:900605558; rev:1;)
alert tcp $HOME_NET any -> [91.121.94.86] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.121.94.86/; sid:900605559; rev:1;)
alert tcp $HOME_NET any -> [5.189.144.136] 6516 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.144.136/; sid:900605560; rev:1;)
alert tcp $HOME_NET any -> [131.72.153.198] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.72.153.198/; sid:900605561; rev:1;)
alert tcp $HOME_NET any -> [131.255.106.152] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.255.106.152/; sid:900605562; rev:1;)
alert tcp $HOME_NET any -> [37.112.60.123] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.112.60.123/; sid:900605563; rev:1;)
alert tcp $HOME_NET any -> [202.91.41.138] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.91.41.138/; sid:900605570; rev:1;)
alert tcp $HOME_NET any -> [122.2.28.70] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.2.28.70/; sid:900605575; rev:1;)
alert tcp $HOME_NET any -> [103.225.138.94] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.225.138.94/; sid:900605576; rev:1;)
alert tcp $HOME_NET any -> [123.231.149.123] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.231.149.123/; sid:900605577; rev:1;)
alert tcp $HOME_NET any -> [190.119.167.154] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.119.167.154/; sid:900605578; rev:1;)
alert tcp $HOME_NET any -> [47.103.145.214] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.103.145.214/; sid:900605579; rev:1;)
alert tcp $HOME_NET any -> [117.210.210.179] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.210.210.179/; sid:900605580; rev:1;)
alert tcp $HOME_NET any -> [200.195.233.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.195.233.10/; sid:900605581; rev:1;)
alert tcp $HOME_NET any -> [170.82.4.158] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.82.4.158/; sid:900605582; rev:1;)
alert tcp $HOME_NET any -> [37.29.124.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.29.124.94/; sid:900605583; rev:1;)
alert tcp $HOME_NET any -> [103.239.165.24] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.239.165.24/; sid:900605584; rev:1;)
alert tcp $HOME_NET any -> [103.146.2.152] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.146.2.152/; sid:900605587; rev:1;)
alert tcp $HOME_NET any -> [103.54.42.218] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.54.42.218/; sid:900605588; rev:1;)
alert tcp $HOME_NET any -> [85.25.134.43] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.25.134.43/; sid:900605589; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.146] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.146/; sid:900605590; rev:1;)
alert tcp $HOME_NET any -> [213.208.134.178] 6516 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.208.134.178/; sid:900605591; rev:1;)
alert tcp $HOME_NET any -> [50.243.30.51] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.243.30.51/; sid:900605592; rev:1;)
alert tcp $HOME_NET any -> [37.247.35.132] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.247.35.132/; sid:900605593; rev:1;)
alert tcp $HOME_NET any -> [162.241.204.234] 6516 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.204.234/; sid:900605595; rev:1;)
alert tcp $HOME_NET any -> [121.199.35.69] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.199.35.69/; sid:900605596; rev:1;)
alert tcp $HOME_NET any -> [185.97.135.164] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.97.135.164/; sid:900605597; rev:1;)
alert tcp $HOME_NET any -> [85.88.174.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.88.174.94/; sid:900605598; rev:1;)
alert tcp $HOME_NET any -> [203.160.59.14] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.160.59.14/; sid:900605601; rev:1;)
alert tcp $HOME_NET any -> [36.66.111.251] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.66.111.251/; sid:900605602; rev:1;)
alert tcp $HOME_NET any -> [216.10.242.142] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.10.242.142/; sid:900605603; rev:1;)
alert tcp $HOME_NET any -> [37.247.35.137] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.247.35.137/; sid:900605604; rev:1;)
alert tcp $HOME_NET any -> [116.251.211.158] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.251.211.158/; sid:900605605; rev:1;)
alert tcp $HOME_NET any -> [103.73.102.174] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.73.102.174/; sid:900605607; rev:1;)
alert tcp $HOME_NET any -> [114.34.226.52] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.34.226.52/; sid:900605609; rev:1;)
alert tcp $HOME_NET any -> [111.235.66.83] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.235.66.83/; sid:900605610; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.186] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.186/; sid:900605612; rev:1;)
alert tcp $HOME_NET any -> [62.64.9.237] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.64.9.237/; sid:900605613; rev:1;)
alert tcp $HOME_NET any -> [190.152.71.230] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.152.71.230/; sid:900605615; rev:1;)
alert tcp $HOME_NET any -> [94.74.133.76] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.74.133.76/; sid:900605616; rev:1;)
alert tcp $HOME_NET any -> [181.191.67.186] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.191.67.186/; sid:900605617; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.135] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.135/; sid:900605618; rev:1;)
alert tcp $HOME_NET any -> [107.180.90.10] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.180.90.10/; sid:900605619; rev:1;)
alert tcp $HOME_NET any -> [31.24.158.56] 7275 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.24.158.56/; sid:900605620; rev:1;)
alert tcp $HOME_NET any -> [167.179.194.205] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.179.194.205/; sid:900605621; rev:1;)
alert tcp $HOME_NET any -> [79.106.115.103] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.106.115.103/; sid:900605622; rev:1;)
alert tcp $HOME_NET any -> [178.33.183.53] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.33.183.53/; sid:900605623; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.166] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.166/; sid:900605624; rev:1;)
alert tcp $HOME_NET any -> [157.7.139.198] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.7.139.198/; sid:900605625; rev:1;)
alert tcp $HOME_NET any -> [144.76.42.74] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.76.42.74/; sid:900605626; rev:1;)
alert tcp $HOME_NET any -> [41.76.108.46] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.76.108.46/; sid:900605627; rev:1;)
alert tcp $HOME_NET any -> [195.154.221.186] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.154.221.186/; sid:900605628; rev:1;)
alert tcp $HOME_NET any -> [153.126.203.229] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.126.203.229/; sid:900605629; rev:1;)
alert tcp $HOME_NET any -> [195.210.28.233] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.210.28.233/; sid:900605632; rev:1;)
alert tcp $HOME_NET any -> [91.235.129.199] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.199/; sid:900605633; rev:1;)
alert tcp $HOME_NET any -> [62.75.168.152] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.168.152/; sid:900605634; rev:1;)
alert tcp $HOME_NET any -> [147.78.186.4] 10051 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.78.186.4/; sid:900605635; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.184] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.184/; sid:900605636; rev:1;)
alert tcp $HOME_NET any -> [174.105.233.82] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.105.233.82/; sid:900605637; rev:1;)
alert tcp $HOME_NET any -> [45.164.80.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.164.80.94/; sid:900605638; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.137] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.137/; sid:900605641; rev:1;)
alert tcp $HOME_NET any -> [199.204.214.26] 7073 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.204.214.26/; sid:900605642; rev:1;)
alert tcp $HOME_NET any -> [95.140.127.82] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.140.127.82/; sid:900605643; rev:1;)
alert tcp $HOME_NET any -> [5.182.210.254] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.254/; sid:900605646; rev:1;)
alert tcp $HOME_NET any -> [219.91.189.17] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.91.189.17/; sid:900605647; rev:1;)
alert tcp $HOME_NET any -> [37.247.35.130] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.247.35.130/; sid:900605648; rev:1;)
alert tcp $HOME_NET any -> [103.18.108.116] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.18.108.116/; sid:900605649; rev:1;)
alert tcp $HOME_NET any -> [36.91.107.247] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.91.107.247/; sid:900605651; rev:1;)
alert tcp $HOME_NET any -> [12.158.156.51] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.158.156.51/; sid:900605652; rev:1;)
alert tcp $HOME_NET any -> [49.231.17.146] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.231.17.146/; sid:900605654; rev:1;)
alert tcp $HOME_NET any -> [216.177.161.118] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.177.161.118/; sid:900605655; rev:1;)
alert tcp $HOME_NET any -> [72.133.71.61] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.133.71.61/; sid:900605656; rev:1;)
alert tcp $HOME_NET any -> [103.26.251.214] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.26.251.214/; sid:900605657; rev:1;)
alert tcp $HOME_NET any -> [98.6.170.206] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.6.170.206/; sid:900605659; rev:1;)
alert tcp $HOME_NET any -> [102.67.74.24] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.67.74.24/; sid:900605660; rev:1;)
alert tcp $HOME_NET any -> [5.2.158.159] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.158.159/; sid:900605661; rev:1;)
alert tcp $HOME_NET any -> [92.245.172.211] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.245.172.211/; sid:900605662; rev:1;)
alert tcp $HOME_NET any -> [176.115.19.84] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.115.19.84/; sid:900605663; rev:1;)
alert tcp $HOME_NET any -> [76.84.51.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.84.51.10/; sid:900605664; rev:1;)
alert tcp $HOME_NET any -> [62.209.206.195] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.209.206.195/; sid:900605665; rev:1;)
alert tcp $HOME_NET any -> [85.175.171.246] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.175.171.246/; sid:900605666; rev:1;)
alert tcp $HOME_NET any -> [108.55.14.158] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.55.14.158/; sid:900605667; rev:1;)
alert tcp $HOME_NET any -> [103.6.213.203] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.6.213.203/; sid:900605668; rev:1;)
alert tcp $HOME_NET any -> [46.41.130.218] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.41.130.218/; sid:900605669; rev:1;)
alert tcp $HOME_NET any -> [71.66.174.34] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.66.174.34/; sid:900605670; rev:1;)
alert tcp $HOME_NET any -> [5.189.181.107] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.181.107/; sid:900605671; rev:1;)
alert tcp $HOME_NET any -> [198.179.109.238] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.179.109.238/; sid:900605672; rev:1;)
alert tcp $HOME_NET any -> [72.2.179.4] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.2.179.4/; sid:900605673; rev:1;)
alert tcp $HOME_NET any -> [45.127.134.203] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.127.134.203/; sid:900605674; rev:1;)
alert tcp $HOME_NET any -> [41.138.131.67] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.138.131.67/; sid:900605675; rev:1;)
alert tcp $HOME_NET any -> [203.112.210.46] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.112.210.46/; sid:900605676; rev:1;)
alert tcp $HOME_NET any -> [116.212.132.111] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.212.132.111/; sid:900605678; rev:1;)
alert tcp $HOME_NET any -> [103.110.14.43] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.110.14.43/; sid:900605679; rev:1;)
alert tcp $HOME_NET any -> [195.8.114.137] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.8.114.137/; sid:900605680; rev:1;)
alert tcp $HOME_NET any -> [88.119.86.75] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.119.86.75/; sid:900605681; rev:1;)
alert tcp $HOME_NET any -> [182.160.109.205] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.160.109.205/; sid:900605682; rev:1;)
alert tcp $HOME_NET any -> [103.15.140.141] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.15.140.141/; sid:900605683; rev:1;)
alert tcp $HOME_NET any -> [45.167.249.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.167.249.126/; sid:900605684; rev:1;)
alert tcp $HOME_NET any -> [103.138.172.74] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.138.172.74/; sid:900605685; rev:1;)
alert tcp $HOME_NET any -> [182.23.81.218] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.23.81.218/; sid:900605686; rev:1;)
alert tcp $HOME_NET any -> [45.229.71.211] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.229.71.211/; sid:900605687; rev:1;)
alert tcp $HOME_NET any -> [18.195.23.231] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/18.195.23.231/; sid:900605688; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.141] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.141/; sid:900605691; rev:1;)
alert tcp $HOME_NET any -> [185.229.225.1] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.229.225.1/; sid:900605695; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.174] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.174/; sid:900605696; rev:1;)
alert tcp $HOME_NET any -> [195.201.199.53] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.201.199.53/; sid:900605697; rev:1;)
alert tcp $HOME_NET any -> [159.8.59.84] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.8.59.84/; sid:900605699; rev:1;)
alert tcp $HOME_NET any -> [196.41.57.46] 80 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.41.57.46/; sid:900605701; rev:1;)
alert tcp $HOME_NET any -> [216.10.251.121] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.10.251.121/; sid:900605702; rev:1;)
alert tcp $HOME_NET any -> [173.255.215.225] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.255.215.225/; sid:900605703; rev:1;)
alert tcp $HOME_NET any -> [98.142.187.233] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.142.187.233/; sid:900605704; rev:1;)
alert tcp $HOME_NET any -> [162.241.54.59] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.54.59/; sid:900605711; rev:1;)
alert tcp $HOME_NET any -> [45.58.56.12] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.58.56.12/; sid:900605712; rev:1;)
alert tcp $HOME_NET any -> [51.91.76.89] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.91.76.89/; sid:900605713; rev:1;)
alert tcp $HOME_NET any -> [173.81.4.147] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.81.4.147/; sid:900605714; rev:1;)
alert tcp $HOME_NET any -> [5.59.205.32] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.59.205.32/; sid:900605715; rev:1;)
alert tcp $HOME_NET any -> [161.132.187.158] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.132.187.158/; sid:900605716; rev:1;)
alert tcp $HOME_NET any -> [98.142.187.174] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.142.187.174/; sid:900605719; rev:1;)
alert tcp $HOME_NET any -> [80.211.33.13] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.211.33.13/; sid:900605722; rev:1;)
alert tcp $HOME_NET any -> [185.148.168.220] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.168.220/; sid:900605724; rev:1;)
alert tcp $HOME_NET any -> [188.18.7.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.18.7.133/; sid:900605725; rev:1;)
alert tcp $HOME_NET any -> [63.249.67.70] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.249.67.70/; sid:900605726; rev:1;)
alert tcp $HOME_NET any -> [131.100.24.199] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.199/; sid:900605727; rev:1;)
alert tcp $HOME_NET any -> [31.148.29.153] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.148.29.153/; sid:900605728; rev:1;)
alert tcp $HOME_NET any -> [94.28.78.200] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.28.78.200/; sid:900605729; rev:1;)
alert tcp $HOME_NET any -> [181.143.251.154] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.251.154/; sid:900605730; rev:1;)
alert tcp $HOME_NET any -> [202.131.227.226] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.131.227.226/; sid:900605732; rev:1;)
alert tcp $HOME_NET any -> [200.105.134.99] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.105.134.99/; sid:900605734; rev:1;)
# END 538 entries