################################################################ # abuse.ch Feodo Tracker Suricata / Snort Ruleset (Aggresive) # # Last updated: 2025-04-27 03:30:13 UTC # # # # Terms Of Use: https://feodotracker.abuse.ch/blocklist/ # # For questions please contact feodotracker [at] abuse.ch # ################################################################ # alert tcp $HOME_NET any -> [67.213.75.205] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.213.75.205/; sid:900605001; rev:1;) alert tcp $HOME_NET any -> [192.73.238.101] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.73.238.101/; sid:900605002; rev:1;) alert tcp $HOME_NET any -> [51.178.161.32] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.178.161.32/; sid:900605003; rev:1;) alert tcp $HOME_NET any -> [194.58.98.196] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.58.98.196/; sid:900605004; rev:1;) alert tcp $HOME_NET any -> [142.4.6.57] 14043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.4.6.57/; sid:900605005; rev:1;) alert tcp $HOME_NET any -> [64.225.35.35] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.225.35.35/; sid:900605006; rev:1;) alert tcp $HOME_NET any -> [195.159.28.230] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.159.28.230/; sid:900605007; rev:1;) alert tcp $HOME_NET any -> [93.186.200.154] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.186.200.154/; sid:900605009; rev:1;) alert tcp $HOME_NET any -> [162.144.127.197] 3786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.127.197/; sid:900605010; rev:1;) alert tcp $HOME_NET any -> [103.61.101.11] 449 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.61.101.11/; sid:900605011; rev:1;) alert tcp $HOME_NET any -> [5.9.178.143] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.9.178.143/; sid:900605012; rev:1;) alert tcp $HOME_NET any -> [37.139.2.140] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.139.2.140/; sid:900605013; rev:1;) alert tcp $HOME_NET any -> [49.212.179.180] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.212.179.180/; sid:900605014; rev:1;) alert tcp $HOME_NET any -> [23.160.192.125] 447 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.192.125/; sid:900605016; rev:1;) alert tcp $HOME_NET any -> [195.231.69.151] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.231.69.151/; sid:900605018; rev:1;) alert tcp $HOME_NET any -> [221.126.244.72] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.126.244.72/; sid:900605019; rev:1;) alert tcp $HOME_NET any -> [157.7.166.26] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.7.166.26/; sid:900605020; rev:1;) alert tcp $HOME_NET any -> [212.129.24.83] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.129.24.83/; sid:900605021; rev:1;) alert tcp $HOME_NET any -> [208.71.173.207] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.71.173.207/; sid:900605022; rev:1;) alert tcp $HOME_NET any -> [80.86.91.27] 3308 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.86.91.27/; sid:900605023; rev:1;) alert tcp $HOME_NET any -> [5.100.228.233] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.100.228.233/; sid:900605024; rev:1;) alert tcp $HOME_NET any -> [77.220.64.37] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.37/; sid:900605025; rev:1;) alert tcp $HOME_NET any -> [46.105.131.65] 1512 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.131.65/; sid:900605026; rev:1;) alert tcp $HOME_NET any -> [69.64.62.4] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.64.62.4/; sid:900605027; rev:1;) alert tcp $HOME_NET any -> [162.241.44.26] 9443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.44.26/; sid:900605028; rev:1;) alert tcp $HOME_NET any -> [111.230.104.169] 3388 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.230.104.169/; sid:900605029; rev:1;) alert tcp $HOME_NET any -> [217.79.184.243] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.79.184.243/; sid:900605030; rev:1;) alert tcp $HOME_NET any -> [194.150.118.7] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.150.118.7/; sid:900605031; rev:1;) alert tcp $HOME_NET any -> [199.66.90.63] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.66.90.63/; sid:900605035; rev:1;) alert tcp $HOME_NET any -> [81.169.224.222] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.169.224.222/; sid:900605036; rev:1;) alert tcp $HOME_NET any -> [62.75.168.106] 3886 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.168.106/; sid:900605037; rev:1;) alert tcp $HOME_NET any -> [82.165.152.127] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.165.152.127/; sid:900605038; rev:1;) alert tcp $HOME_NET any -> [178.254.40.132] 691 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.40.132/; sid:900605039; rev:1;) alert tcp $HOME_NET any -> [216.172.165.70] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.172.165.70/; sid:900605041; rev:1;) alert tcp $HOME_NET any -> [85.207.13.169] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.207.13.169/; sid:900605043; rev:1;) alert tcp $HOME_NET any -> [104.131.164.93] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.164.93/; sid:900605045; rev:1;) alert tcp $HOME_NET any -> [46.101.90.205] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.90.205/; sid:900605046; rev:1;) alert tcp $HOME_NET any -> [123.206.58.135] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.206.58.135/; sid:900605047; rev:1;) alert tcp $HOME_NET any -> [94.126.8.2] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.126.8.2/; sid:900605054; rev:1;) alert tcp $HOME_NET any -> [77.220.64.39] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.39/; sid:900605055; rev:1;) alert tcp $HOME_NET any -> [78.47.139.43] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.47.139.43/; sid:900605056; rev:1;) alert tcp $HOME_NET any -> [89.174.36.41] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.174.36.41/; sid:900605057; rev:1;) alert tcp $HOME_NET any -> [169.255.216.36] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.255.216.36/; sid:900605058; rev:1;) alert tcp $HOME_NET any -> [193.90.12.122] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.90.12.122/; sid:900605059; rev:1;) alert tcp $HOME_NET any -> [103.40.116.68] 5443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.40.116.68/; sid:900605063; rev:1;) alert tcp $HOME_NET any -> [67.79.105.174] 3786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.79.105.174/; sid:900605065; rev:1;) alert tcp $HOME_NET any -> [45.79.226.106] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.226.106/; sid:900605066; rev:1;) alert tcp $HOME_NET any -> [2.58.16.89] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.58.16.89/; sid:900605067; rev:1;) alert tcp $HOME_NET any -> [27.254.174.93] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.254.174.93/; sid:900605068; rev:1;) alert tcp $HOME_NET any -> [178.254.22.25] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.22.25/; sid:900605069; rev:1;) alert tcp $HOME_NET any -> [45.56.127.75] 49160 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.56.127.75/; sid:900605070; rev:1;) alert tcp $HOME_NET any -> [103.41.110.115] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.41.110.115/; sid:900605071; rev:1;) alert tcp $HOME_NET any -> [209.59.199.129] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.59.199.129/; sid:900605072; rev:1;) alert tcp $HOME_NET any -> [54.38.143.246] 691 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.143.246/; sid:900605073; rev:1;) alert tcp $HOME_NET any -> [153.122.13.133] 1443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.122.13.133/; sid:900605074; rev:1;) alert tcp $HOME_NET any -> [142.93.181.37] 981 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.181.37/; sid:900605075; rev:1;) alert tcp $HOME_NET any -> [92.38.128.47] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.128.47/; sid:900605076; rev:1;) alert tcp $HOME_NET any -> [188.165.17.91] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.17.91/; sid:900605077; rev:1;) alert tcp $HOME_NET any -> [188.40.34.210] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.40.34.210/; sid:900605078; rev:1;) alert tcp $HOME_NET any -> [195.159.28.229] 981 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.159.28.229/; sid:900605079; rev:1;) alert tcp $HOME_NET any -> [178.62.23.64] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.62.23.64/; sid:900605081; rev:1;) alert tcp $HOME_NET any -> [167.99.158.82] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.99.158.82/; sid:900605082; rev:1;) alert tcp $HOME_NET any -> [103.244.206.74] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.244.206.74/; sid:900605083; rev:1;) alert tcp $HOME_NET any -> [193.90.12.121] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.90.12.121/; sid:900605084; rev:1;) alert tcp $HOME_NET any -> [162.241.204.233] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.204.233/; sid:900605085; rev:1;) alert tcp $HOME_NET any -> [138.122.143.40] 8043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.122.143.40/; sid:900605086; rev:1;) alert tcp $HOME_NET any -> [198.57.200.100] 3786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.57.200.100/; sid:900605087; rev:1;) alert tcp $HOME_NET any -> [175.126.167.148] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.126.167.148/; sid:900605088; rev:1;) alert tcp $HOME_NET any -> [85.25.109.116] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.25.109.116/; sid:900605089; rev:1;) alert tcp $HOME_NET any -> [185.59.223.86] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.59.223.86/; sid:900605090; rev:1;) alert tcp $HOME_NET any -> [87.106.89.36] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.89.36/; sid:900605091; rev:1;) alert tcp $HOME_NET any -> [51.15.176.55] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.15.176.55/; sid:900605092; rev:1;) alert tcp $HOME_NET any -> [27.254.174.84] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.254.174.84/; sid:900605093; rev:1;) alert tcp $HOME_NET any -> [172.86.186.22] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.86.186.22/; sid:900605094; rev:1;) alert tcp $HOME_NET any -> [62.138.14.216] 3074 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.138.14.216/; sid:900605095; rev:1;) alert tcp $HOME_NET any -> [46.4.83.131] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.4.83.131/; sid:900605096; rev:1;) alert tcp $HOME_NET any -> [213.202.229.72] 3074 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.202.229.72/; sid:900605097; rev:1;) alert tcp $HOME_NET any -> [52.73.70.149] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/52.73.70.149/; sid:900605098; rev:1;) alert tcp $HOME_NET any -> [8.4.9.152] 3786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.4.9.152/; sid:900605099; rev:1;) alert tcp $HOME_NET any -> [185.246.87.202] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.246.87.202/; sid:900605100; rev:1;) alert tcp $HOME_NET any -> [69.16.193.166] 9443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.16.193.166/; sid:900605101; rev:1;) alert tcp $HOME_NET any -> [217.160.78.166] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.78.166/; sid:900605104; rev:1;) alert tcp $HOME_NET any -> [45.77.154.161] 1688 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.77.154.161/; sid:900605105; rev:1;) alert tcp $HOME_NET any -> [69.164.207.140] 3388 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.164.207.140/; sid:900605106; rev:1;) alert tcp $HOME_NET any -> [46.105.131.78] 14431 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.131.78/; sid:900605107; rev:1;) alert tcp $HOME_NET any -> [36.89.191.119] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.191.119/; sid:900605108; rev:1;) alert tcp $HOME_NET any -> [103.61.101.11] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.61.101.11/; sid:900605109; rev:1;) alert tcp $HOME_NET any -> [23.160.192.125] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.192.125/; sid:900605110; rev:1;) alert tcp $HOME_NET any -> [107.172.188.113] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.188.113/; sid:900605111; rev:1;) alert tcp $HOME_NET any -> [5.202.150.151] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.202.150.151/; sid:900605112; rev:1;) alert tcp $HOME_NET any -> [103.150.68.124] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.150.68.124/; sid:900605113; rev:1;) alert tcp $HOME_NET any -> [185.109.54.99] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.109.54.99/; sid:900605114; rev:1;) alert tcp $HOME_NET any -> [190.151.130.12] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.151.130.12/; sid:900605115; rev:1;) alert tcp $HOME_NET any -> [36.94.167.167] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.167.167/; sid:900605116; rev:1;) alert tcp $HOME_NET any -> [103.61.101.11] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.61.101.11/; sid:900605117; rev:1;) alert tcp $HOME_NET any -> [45.230.244.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.230.244.20/; sid:900605118; rev:1;) alert tcp $HOME_NET any -> [58.97.211.3] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.97.211.3/; sid:900605119; rev:1;) alert tcp $HOME_NET any -> [186.250.157.116] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.250.157.116/; sid:900605120; rev:1;) alert tcp $HOME_NET any -> [190.214.12.202] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.214.12.202/; sid:900605121; rev:1;) alert tcp $HOME_NET any -> [23.160.193.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.193.106/; sid:900605123; rev:1;) alert tcp $HOME_NET any -> [200.52.147.93] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.52.147.93/; sid:900605124; rev:1;) alert tcp $HOME_NET any -> [45.226.124.226] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.226.124.226/; sid:900605125; rev:1;) alert tcp $HOME_NET any -> [187.189.99.216] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.189.99.216/; sid:900605126; rev:1;) alert tcp $HOME_NET any -> [45.148.120.173] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.148.120.173/; sid:900605127; rev:1;) alert tcp $HOME_NET any -> [45.234.212.234] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.234.212.234/; sid:900605129; rev:1;) alert tcp $HOME_NET any -> [36.94.113.249] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.113.249/; sid:900605130; rev:1;) alert tcp $HOME_NET any -> [185.118.15.137] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.118.15.137/; sid:900605131; rev:1;) alert tcp $HOME_NET any -> [212.126.125.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.126.125.10/; sid:900605132; rev:1;) alert tcp $HOME_NET any -> [36.89.193.181] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.193.181/; sid:900605136; rev:1;) alert tcp $HOME_NET any -> [222.124.7.150] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.124.7.150/; sid:900605137; rev:1;) alert tcp $HOME_NET any -> [36.94.62.207] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.62.207/; sid:900605138; rev:1;) alert tcp $HOME_NET any -> [45.155.173.196] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.155.173.196/; sid:900605140; rev:1;) alert tcp $HOME_NET any -> [107.172.29.108] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.29.108/; sid:900605147; rev:1;) alert tcp $HOME_NET any -> [103.69.216.154] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.69.216.154/; sid:900605148; rev:1;) alert tcp $HOME_NET any -> [43.245.216.238] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.245.216.238/; sid:900605153; rev:1;) alert tcp $HOME_NET any -> [5.182.210.24] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.24/; sid:900605156; rev:1;) alert tcp $HOME_NET any -> [186.137.85.76] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.137.85.76/; sid:900605159; rev:1;) alert tcp $HOME_NET any -> [182.253.107.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.253.107.34/; sid:900605167; rev:1;) alert tcp $HOME_NET any -> [103.91.244.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.91.244.50/; sid:900605168; rev:1;) alert tcp $HOME_NET any -> [177.221.108.198] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.221.108.198/; sid:900605171; rev:1;) alert tcp $HOME_NET any -> [104.161.32.108] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.161.32.108/; sid:900605172; rev:1;) alert tcp $HOME_NET any -> [50.116.111.64] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.111.64/; sid:900605173; rev:1;) alert tcp $HOME_NET any -> [185.184.25.234] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.184.25.234/; sid:900605174; rev:1;) alert tcp $HOME_NET any -> [194.225.58.214] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.225.58.214/; sid:900605175; rev:1;) alert tcp $HOME_NET any -> [211.110.44.63] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.110.44.63/; sid:900605176; rev:1;) alert tcp $HOME_NET any -> [85.204.116.83] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.83/; sid:900605178; rev:1;) alert tcp $HOME_NET any -> [83.151.14.13] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.151.14.13/; sid:900605179; rev:1;) alert tcp $HOME_NET any -> [77.220.64.40] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.40/; sid:900605200; rev:1;) alert tcp $HOME_NET any -> [12.175.220.98] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.175.220.98/; sid:900605201; rev:1;) alert tcp $HOME_NET any -> [24.178.90.49] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.178.90.49/; sid:900605202; rev:1;) alert tcp $HOME_NET any -> [75.127.14.170] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.127.14.170/; sid:900605203; rev:1;) alert tcp $HOME_NET any -> [175.103.38.146] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.103.38.146/; sid:900605204; rev:1;) alert tcp $HOME_NET any -> [69.49.88.46] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.49.88.46/; sid:900605205; rev:1;) alert tcp $HOME_NET any -> [167.114.153.111] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.114.153.111/; sid:900605206; rev:1;) alert tcp $HOME_NET any -> [194.190.67.75] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.190.67.75/; sid:900605207; rev:1;) alert tcp $HOME_NET any -> [61.19.246.238] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.19.246.238/; sid:900605208; rev:1;) alert tcp $HOME_NET any -> [95.9.5.93] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.9.5.93/; sid:900605209; rev:1;) alert tcp $HOME_NET any -> [200.116.145.225] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.145.225/; sid:900605210; rev:1;) alert tcp $HOME_NET any -> [115.94.207.99] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.94.207.99/; sid:900605211; rev:1;) alert tcp $HOME_NET any -> [81.214.253.80] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.214.253.80/; sid:900605212; rev:1;) alert tcp $HOME_NET any -> [220.245.198.194] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.245.198.194/; sid:900605213; rev:1;) alert tcp $HOME_NET any -> [120.150.60.189] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.60.189/; sid:900605214; rev:1;) alert tcp $HOME_NET any -> [110.142.236.207] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.142.236.207/; sid:900605215; rev:1;) alert tcp $HOME_NET any -> [12.163.208.58] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.163.208.58/; sid:900605216; rev:1;) alert tcp $HOME_NET any -> [81.215.230.173] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.215.230.173/; sid:900605217; rev:1;) alert tcp $HOME_NET any -> [60.93.23.51] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.93.23.51/; sid:900605219; rev:1;) alert tcp $HOME_NET any -> [78.90.78.210] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.90.78.210/; sid:900605220; rev:1;) alert tcp $HOME_NET any -> [177.23.7.151] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.23.7.151/; sid:900605221; rev:1;) alert tcp $HOME_NET any -> [161.49.84.2] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.49.84.2/; sid:900605222; rev:1;) alert tcp $HOME_NET any -> [85.105.111.166] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.111.166/; sid:900605223; rev:1;) alert tcp $HOME_NET any -> [65.32.168.171] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.32.168.171/; sid:900605224; rev:1;) alert tcp $HOME_NET any -> [64.207.182.168] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.207.182.168/; sid:900605225; rev:1;) alert tcp $HOME_NET any -> [120.150.218.241] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.218.241/; sid:900605226; rev:1;) alert tcp $HOME_NET any -> [172.125.40.123] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.125.40.123/; sid:900605227; rev:1;) alert tcp $HOME_NET any -> [45.16.226.117] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.16.226.117/; sid:900605228; rev:1;) alert tcp $HOME_NET any -> [110.37.224.243] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.37.224.243/; sid:900605229; rev:1;) alert tcp $HOME_NET any -> [103.93.220.182] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.93.220.182/; sid:900605231; rev:1;) alert tcp $HOME_NET any -> [91.75.75.46] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.75.75.46/; sid:900605232; rev:1;) alert tcp $HOME_NET any -> [185.201.9.197] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.201.9.197/; sid:900605233; rev:1;) alert tcp $HOME_NET any -> [163.53.204.180] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.53.204.180/; sid:900605234; rev:1;) alert tcp $HOME_NET any -> [203.157.152.9] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.157.152.9/; sid:900605235; rev:1;) alert tcp $HOME_NET any -> [185.208.226.142] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.208.226.142/; sid:900605236; rev:1;) alert tcp $HOME_NET any -> [190.85.46.52] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.46.52/; sid:900605238; rev:1;) alert tcp $HOME_NET any -> [188.165.214.98] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.214.98/; sid:900605239; rev:1;) alert tcp $HOME_NET any -> [50.116.111.59] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.111.59/; sid:900605240; rev:1;) alert tcp $HOME_NET any -> [190.103.228.24] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.103.228.24/; sid:900605243; rev:1;) alert tcp $HOME_NET any -> [80.15.100.37] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.15.100.37/; sid:900605244; rev:1;) alert tcp $HOME_NET any -> [117.2.139.117] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.2.139.117/; sid:900605245; rev:1;) alert tcp $HOME_NET any -> [152.170.79.100] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.170.79.100/; sid:900605246; rev:1;) alert tcp $HOME_NET any -> [211.215.18.93] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.215.18.93/; sid:900605247; rev:1;) alert tcp $HOME_NET any -> [187.162.248.237] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.162.248.237/; sid:900605248; rev:1;) alert tcp $HOME_NET any -> [110.39.160.38] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.39.160.38/; sid:900605249; rev:1;) alert tcp $HOME_NET any -> [213.52.74.198] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.52.74.198/; sid:900605250; rev:1;) alert tcp $HOME_NET any -> [37.187.72.193] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.72.193/; sid:900605251; rev:1;) alert tcp $HOME_NET any -> [24.179.13.119] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.179.13.119/; sid:900605252; rev:1;) alert tcp $HOME_NET any -> [121.124.124.40] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.124.124.40/; sid:900605253; rev:1;) alert tcp $HOME_NET any -> [12.162.84.2] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.162.84.2/; sid:900605254; rev:1;) alert tcp $HOME_NET any -> [206.189.232.2] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.189.232.2/; sid:900605255; rev:1;) alert tcp $HOME_NET any -> [51.89.36.180] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.36.180/; sid:900605256; rev:1;) alert tcp $HOME_NET any -> [132.248.38.158] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.248.38.158/; sid:900605257; rev:1;) alert tcp $HOME_NET any -> [75.177.207.146] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.177.207.146/; sid:900605258; rev:1;) alert tcp $HOME_NET any -> [74.40.205.197] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.40.205.197/; sid:900605259; rev:1;) alert tcp $HOME_NET any -> [62.84.75.50] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.84.75.50/; sid:900605260; rev:1;) alert tcp $HOME_NET any -> [46.105.114.137] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.114.137/; sid:900605261; rev:1;) alert tcp $HOME_NET any -> [109.99.146.210] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.99.146.210/; sid:900605262; rev:1;) alert tcp $HOME_NET any -> [104.236.52.89] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.52.89/; sid:900605263; rev:1;) alert tcp $HOME_NET any -> [223.17.215.76] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/223.17.215.76/; sid:900605264; rev:1;) alert tcp $HOME_NET any -> [180.148.4.130] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.148.4.130/; sid:900605265; rev:1;) alert tcp $HOME_NET any -> [50.116.78.109] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.78.109/; sid:900605266; rev:1;) alert tcp $HOME_NET any -> [115.21.224.117] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.21.224.117/; sid:900605268; rev:1;) alert tcp $HOME_NET any -> [202.79.24.136] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.79.24.136/; sid:900605269; rev:1;) alert tcp $HOME_NET any -> [181.30.61.163] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.30.61.163/; sid:900605271; rev:1;) alert tcp $HOME_NET any -> [110.172.180.180] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.172.180.180/; sid:900605273; rev:1;) alert tcp $HOME_NET any -> [70.92.118.112] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.92.118.112/; sid:900605274; rev:1;) alert tcp $HOME_NET any -> [59.21.235.119] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.21.235.119/; sid:900605275; rev:1;) alert tcp $HOME_NET any -> [195.159.28.244] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.159.28.244/; sid:900605276; rev:1;) alert tcp $HOME_NET any -> [152.231.89.226] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.231.89.226/; sid:900605277; rev:1;) alert tcp $HOME_NET any -> [110.39.162.2] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.39.162.2/; sid:900605278; rev:1;) alert tcp $HOME_NET any -> [93.146.143.191] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.146.143.191/; sid:900605279; rev:1;) alert tcp $HOME_NET any -> [172.245.248.239] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.248.239/; sid:900605280; rev:1;) alert tcp $HOME_NET any -> [80.249.176.206] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.249.176.206/; sid:900605281; rev:1;) alert tcp $HOME_NET any -> [110.145.11.73] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.145.11.73/; sid:900605282; rev:1;) alert tcp $HOME_NET any -> [191.223.36.170] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.223.36.170/; sid:900605283; rev:1;) alert tcp $HOME_NET any -> [82.145.43.153] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.145.43.153/; sid:900605284; rev:1;) alert tcp $HOME_NET any -> [24.230.124.78] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.230.124.78/; sid:900605285; rev:1;) alert tcp $HOME_NET any -> [110.145.101.66] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.145.101.66/; sid:900605286; rev:1;) alert tcp $HOME_NET any -> [75.109.111.18] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.109.111.18/; sid:900605287; rev:1;) alert tcp $HOME_NET any -> [175.207.12.52] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.207.12.52/; sid:900605288; rev:1;) alert tcp $HOME_NET any -> [109.116.245.80] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.116.245.80/; sid:900605289; rev:1;) alert tcp $HOME_NET any -> [45.230.228.26] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.230.228.26/; sid:900605290; rev:1;) alert tcp $HOME_NET any -> [143.0.85.206] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.0.85.206/; sid:900605291; rev:1;) alert tcp $HOME_NET any -> [190.210.246.253] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.246.253/; sid:900605292; rev:1;) alert tcp $HOME_NET any -> [47.144.21.37] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.144.21.37/; sid:900605294; rev:1;) alert tcp $HOME_NET any -> [181.165.68.127] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.165.68.127/; sid:900605295; rev:1;) alert tcp $HOME_NET any -> [24.164.79.147] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.164.79.147/; sid:900605296; rev:1;) alert tcp $HOME_NET any -> [139.5.101.203] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.5.101.203/; sid:900605297; rev:1;) alert tcp $HOME_NET any -> [190.162.232.138] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.162.232.138/; sid:900605298; rev:1;) alert tcp $HOME_NET any -> [93.149.120.214] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.149.120.214/; sid:900605299; rev:1;) alert tcp $HOME_NET any -> [217.160.19.232] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.19.232/; sid:900605300; rev:1;) alert tcp $HOME_NET any -> [31.27.59.105] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.27.59.105/; sid:900605301; rev:1;) alert tcp $HOME_NET any -> [152.169.22.67] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.169.22.67/; sid:900605303; rev:1;) alert tcp $HOME_NET any -> [2.82.75.215] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.82.75.215/; sid:900605304; rev:1;) alert tcp $HOME_NET any -> [197.211.245.21] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.211.245.21/; sid:900605305; rev:1;) alert tcp $HOME_NET any -> [118.83.154.64] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.83.154.64/; sid:900605306; rev:1;) alert tcp $HOME_NET any -> [201.185.69.28] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.185.69.28/; sid:900605307; rev:1;) alert tcp $HOME_NET any -> [177.85.167.10] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.85.167.10/; sid:900605308; rev:1;) alert tcp $HOME_NET any -> [190.251.200.206] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.251.200.206/; sid:900605309; rev:1;) alert tcp $HOME_NET any -> [51.38.71.84] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.38.71.84/; sid:900605310; rev:1;) alert tcp $HOME_NET any -> [201.163.74.204] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.163.74.204/; sid:900605311; rev:1;) alert tcp $HOME_NET any -> [82.208.146.142] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.208.146.142/; sid:900605312; rev:1;) alert tcp $HOME_NET any -> [89.106.251.163] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.106.251.163/; sid:900605313; rev:1;) alert tcp $HOME_NET any -> [78.189.148.42] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.148.42/; sid:900605314; rev:1;) alert tcp $HOME_NET any -> [167.99.105.11] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.99.105.11/; sid:900605315; rev:1;) alert tcp $HOME_NET any -> [190.19.169.69] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.19.169.69/; sid:900605316; rev:1;) alert tcp $HOME_NET any -> [70.183.211.3] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.183.211.3/; sid:900605317; rev:1;) alert tcp $HOME_NET any -> [180.222.161.85] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.222.161.85/; sid:900605318; rev:1;) alert tcp $HOME_NET any -> [75.113.193.72] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.113.193.72/; sid:900605319; rev:1;) alert tcp $HOME_NET any -> [91.233.197.70] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.233.197.70/; sid:900605320; rev:1;) alert tcp $HOME_NET any -> [78.182.254.231] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.182.254.231/; sid:900605321; rev:1;) alert tcp $HOME_NET any -> [201.212.61.66] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.61.66/; sid:900605322; rev:1;) alert tcp $HOME_NET any -> [200.75.39.254] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.75.39.254/; sid:900605324; rev:1;) alert tcp $HOME_NET any -> [191.241.233.198] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.241.233.198/; sid:900605325; rev:1;) alert tcp $HOME_NET any -> [105.209.235.113] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.209.235.113/; sid:900605326; rev:1;) alert tcp $HOME_NET any -> [190.251.216.100] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.251.216.100/; sid:900605327; rev:1;) alert tcp $HOME_NET any -> [190.45.24.210] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.45.24.210/; sid:900605328; rev:1;) alert tcp $HOME_NET any -> [82.48.39.246] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.48.39.246/; sid:900605329; rev:1;) alert tcp $HOME_NET any -> [190.64.88.186] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.64.88.186/; sid:900605330; rev:1;) alert tcp $HOME_NET any -> [187.161.206.24] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.161.206.24/; sid:900605331; rev:1;) alert tcp $HOME_NET any -> [186.96.170.61] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.96.170.61/; sid:900605332; rev:1;) alert tcp $HOME_NET any -> [93.146.48.84] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.146.48.84/; sid:900605333; rev:1;) alert tcp $HOME_NET any -> [161.0.153.60] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.0.153.60/; sid:900605334; rev:1;) alert tcp $HOME_NET any -> [120.51.34.254] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.51.34.254/; sid:900605335; rev:1;) alert tcp $HOME_NET any -> [203.160.167.243] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.160.167.243/; sid:900605336; rev:1;) alert tcp $HOME_NET any -> [185.183.16.47] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.16.47/; sid:900605337; rev:1;) alert tcp $HOME_NET any -> [78.188.225.105] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.225.105/; sid:900605338; rev:1;) alert tcp $HOME_NET any -> [27.78.27.110] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.78.27.110/; sid:900605339; rev:1;) alert tcp $HOME_NET any -> [152.32.75.74] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.32.75.74/; sid:900605340; rev:1;) alert tcp $HOME_NET any -> [82.78.179.117] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.78.179.117/; sid:900605341; rev:1;) alert tcp $HOME_NET any -> [115.79.195.246] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.79.195.246/; sid:900605342; rev:1;) alert tcp $HOME_NET any -> [49.206.16.156] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.206.16.156/; sid:900605343; rev:1;) alert tcp $HOME_NET any -> [122.116.104.238] 8443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.116.104.238/; sid:900605344; rev:1;) alert tcp $HOME_NET any -> [109.101.137.162] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.101.137.162/; sid:900605345; rev:1;) alert tcp $HOME_NET any -> [190.55.186.229] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.55.186.229/; sid:900605346; rev:1;) alert tcp $HOME_NET any -> [209.33.120.130] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.33.120.130/; sid:900605347; rev:1;) alert tcp $HOME_NET any -> [217.160.169.110] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.169.110/; sid:900605348; rev:1;) alert tcp $HOME_NET any -> [51.255.203.164] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.255.203.164/; sid:900605349; rev:1;) alert tcp $HOME_NET any -> [84.232.229.24] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.232.229.24/; sid:900605350; rev:1;) alert tcp $HOME_NET any -> [201.48.121.65] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.48.121.65/; sid:900605351; rev:1;) alert tcp $HOME_NET any -> [85.105.239.184] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.239.184/; sid:900605352; rev:1;) alert tcp $HOME_NET any -> [108.53.88.101] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.53.88.101/; sid:900605353; rev:1;) alert tcp $HOME_NET any -> [79.130.130.240] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.130.130.240/; sid:900605354; rev:1;) alert tcp $HOME_NET any -> [195.159.28.230] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.159.28.230/; sid:900605355; rev:1;) alert tcp $HOME_NET any -> [98.109.133.80] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.109.133.80/; sid:900605356; rev:1;) alert tcp $HOME_NET any -> [181.10.46.92] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.10.46.92/; sid:900605357; rev:1;) alert tcp $HOME_NET any -> [71.72.196.159] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.72.196.159/; sid:900605358; rev:1;) alert tcp $HOME_NET any -> [24.69.65.8] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.69.65.8/; sid:900605359; rev:1;) alert tcp $HOME_NET any -> [95.76.153.115] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.76.153.115/; sid:900605360; rev:1;) alert tcp $HOME_NET any -> [197.232.36.108] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.232.36.108/; sid:900605361; rev:1;) alert tcp $HOME_NET any -> [190.18.184.113] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.18.184.113/; sid:900605362; rev:1;) alert tcp $HOME_NET any -> [69.38.130.14] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.38.130.14/; sid:900605363; rev:1;) alert tcp $HOME_NET any -> [172.193.14.201] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.193.14.201/; sid:900605364; rev:1;) alert tcp $HOME_NET any -> [88.58.209.2] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.58.209.2/; sid:900605366; rev:1;) alert tcp $HOME_NET any -> [186.146.229.172] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.146.229.172/; sid:900605367; rev:1;) alert tcp $HOME_NET any -> [188.135.15.49] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.135.15.49/; sid:900605368; rev:1;) alert tcp $HOME_NET any -> [50.91.114.38] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.91.114.38/; sid:900605369; rev:1;) alert tcp $HOME_NET any -> [181.171.209.241] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.171.209.241/; sid:900605370; rev:1;) alert tcp $HOME_NET any -> [85.105.205.77] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.205.77/; sid:900605371; rev:1;) alert tcp $HOME_NET any -> [123.176.25.234] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.176.25.234/; sid:900605372; rev:1;) alert tcp $HOME_NET any -> [91.90.88.5] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.90.88.5/; sid:900605373; rev:1;) alert tcp $HOME_NET any -> [122.116.104.238] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.116.104.238/; sid:900605374; rev:1;) alert tcp $HOME_NET any -> [78.206.229.130] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.206.229.130/; sid:900605375; rev:1;) alert tcp $HOME_NET any -> [79.133.6.236] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.133.6.236/; sid:900605376; rev:1;) alert tcp $HOME_NET any -> [190.240.194.77] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.240.194.77/; sid:900605377; rev:1;) alert tcp $HOME_NET any -> [154.127.113.242] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.127.113.242/; sid:900605378; rev:1;) alert tcp $HOME_NET any -> [45.33.94.33] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.94.33/; sid:900605379; rev:1;) alert tcp $HOME_NET any -> [159.89.91.92] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.89.91.92/; sid:900605380; rev:1;) alert tcp $HOME_NET any -> [97.107.127.161] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.107.127.161/; sid:900605381; rev:1;) alert tcp $HOME_NET any -> [158.69.118.130] 1443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.69.118.130/; sid:900605382; rev:1;) alert tcp $HOME_NET any -> [142.44.247.57] 4043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.44.247.57/; sid:900605384; rev:1;) alert tcp $HOME_NET any -> [77.220.64.140] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.140/; sid:900605385; rev:1;) alert tcp $HOME_NET any -> [59.148.253.194] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.148.253.194/; sid:900605386; rev:1;) alert tcp $HOME_NET any -> [94.23.45.86] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.45.86/; sid:900605387; rev:1;) alert tcp $HOME_NET any -> [103.86.49.11] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.86.49.11/; sid:900605388; rev:1;) alert tcp $HOME_NET any -> [51.75.33.120] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.33.120/; sid:900605389; rev:1;) alert tcp $HOME_NET any -> [85.234.143.94] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.234.143.94/; sid:900605390; rev:1;) alert tcp $HOME_NET any -> [167.86.68.49] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.86.68.49/; sid:900605391; rev:1;) alert tcp $HOME_NET any -> [46.105.131.87] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.131.87/; sid:900605392; rev:1;) alert tcp $HOME_NET any -> [162.243.125.212] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.243.125.212/; sid:900605393; rev:1;) alert tcp $HOME_NET any -> [104.131.44.150] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.44.150/; sid:900605394; rev:1;) alert tcp $HOME_NET any -> [104.131.123.136] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.123.136/; sid:900605395; rev:1;) alert tcp $HOME_NET any -> [162.241.92.219] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.92.219/; sid:900605400; rev:1;) alert tcp $HOME_NET any -> [72.188.173.74] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.188.173.74/; sid:900605416; rev:1;) alert tcp $HOME_NET any -> [200.111.198.76] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.111.198.76/; sid:900605417; rev:1;) alert tcp $HOME_NET any -> [193.90.12.20] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.90.12.20/; sid:900605418; rev:1;) alert tcp $HOME_NET any -> [185.181.9.76] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.181.9.76/; sid:900605419; rev:1;) alert tcp $HOME_NET any -> [175.207.13.56] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.207.13.56/; sid:900605420; rev:1;) alert tcp $HOME_NET any -> [212.129.24.84] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.129.24.84/; sid:900605421; rev:1;) alert tcp $HOME_NET any -> [77.220.64.131] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.131/; sid:900605424; rev:1;) alert tcp $HOME_NET any -> [192.99.41.136] 981 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.99.41.136/; sid:900605425; rev:1;) alert tcp $HOME_NET any -> [5.196.204.251] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.204.251/; sid:900605426; rev:1;) alert tcp $HOME_NET any -> [24.229.3.146] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.229.3.146/; sid:900605427; rev:1;) alert tcp $HOME_NET any -> [97.107.127.227] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.107.127.227/; sid:900605430; rev:1;) alert tcp $HOME_NET any -> [87.106.18.216] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.18.216/; sid:900605431; rev:1;) alert tcp $HOME_NET any -> [185.184.25.235] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.184.25.235/; sid:900605432; rev:1;) alert tcp $HOME_NET any -> [41.211.125.59] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.211.125.59/; sid:900605434; rev:1;) alert tcp $HOME_NET any -> [118.67.216.238] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.67.216.238/; sid:900605435; rev:1;) alert tcp $HOME_NET any -> [36.94.164.249] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.164.249/; sid:900605436; rev:1;) alert tcp $HOME_NET any -> [92.242.214.203] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.242.214.203/; sid:900605437; rev:1;) alert tcp $HOME_NET any -> [103.91.244.102] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.91.244.102/; sid:900605438; rev:1;) alert tcp $HOME_NET any -> [45.226.124.226] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.226.124.226/; sid:900605439; rev:1;) alert tcp $HOME_NET any -> [45.234.248.66] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.234.248.66/; sid:900605440; rev:1;) alert tcp $HOME_NET any -> [177.87.0.7] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.87.0.7/; sid:900605441; rev:1;) alert tcp $HOME_NET any -> [117.212.193.62] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.212.193.62/; sid:900605442; rev:1;) alert tcp $HOME_NET any -> [36.89.193.235] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.193.235/; sid:900605443; rev:1;) alert tcp $HOME_NET any -> [201.184.190.59] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.184.190.59/; sid:900605444; rev:1;) alert tcp $HOME_NET any -> [179.191.108.58] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.191.108.58/; sid:900605446; rev:1;) alert tcp $HOME_NET any -> [176.62.180.164] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.62.180.164/; sid:900605447; rev:1;) alert tcp $HOME_NET any -> [194.5.249.93] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.93/; sid:900605449; rev:1;) alert tcp $HOME_NET any -> [200.142.124.146] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.142.124.146/; sid:900605450; rev:1;) alert tcp $HOME_NET any -> [181.211.103.254] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.211.103.254/; sid:900605452; rev:1;) alert tcp $HOME_NET any -> [123.59.211.174] 80 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.59.211.174/; sid:900605454; rev:1;) alert tcp $HOME_NET any -> [103.89.252.130] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.89.252.130/; sid:900605455; rev:1;) alert tcp $HOME_NET any -> [201.59.167.66] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.59.167.66/; sid:900605457; rev:1;) alert tcp $HOME_NET any -> [77.220.64.133] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.133/; sid:900605458; rev:1;) alert tcp $HOME_NET any -> [212.129.24.85] 34443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.129.24.85/; sid:900605459; rev:1;) alert tcp $HOME_NET any -> [192.241.175.242] 691 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.175.242/; sid:900605460; rev:1;) alert tcp $HOME_NET any -> [62.14.242.133] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.14.242.133/; sid:900605461; rev:1;) alert tcp $HOME_NET any -> [45.234.248.154] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.234.248.154/; sid:900605462; rev:1;) alert tcp $HOME_NET any -> [45.201.134.202] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.201.134.202/; sid:900605464; rev:1;) alert tcp $HOME_NET any -> [103.94.7.43] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.94.7.43/; sid:900605465; rev:1;) alert tcp $HOME_NET any -> [49.156.39.150] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.156.39.150/; sid:900605466; rev:1;) alert tcp $HOME_NET any -> [46.252.38.244] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.252.38.244/; sid:900605467; rev:1;) alert tcp $HOME_NET any -> [178.254.40.33] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.40.33/; sid:900605468; rev:1;) alert tcp $HOME_NET any -> [185.4.132.226] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.4.132.226/; sid:900605469; rev:1;) alert tcp $HOME_NET any -> [92.60.235.135] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.60.235.135/; sid:900605470; rev:1;) alert tcp $HOME_NET any -> [159.224.167.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.224.167.102/; sid:900605471; rev:1;) alert tcp $HOME_NET any -> [95.210.118.90] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.210.118.90/; sid:900605472; rev:1;) alert tcp $HOME_NET any -> [77.81.247.140] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.81.247.140/; sid:900605474; rev:1;) alert tcp $HOME_NET any -> [77.220.64.149] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.149/; sid:900605475; rev:1;) alert tcp $HOME_NET any -> [45.234.248.146] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.234.248.146/; sid:900605476; rev:1;) alert tcp $HOME_NET any -> [5.189.157.183] 4646 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.157.183/; sid:900605477; rev:1;) alert tcp $HOME_NET any -> [165.227.155.13] 3308 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.155.13/; sid:900605478; rev:1;) alert tcp $HOME_NET any -> [128.199.59.13] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.59.13/; sid:900605481; rev:1;) alert tcp $HOME_NET any -> [178.128.83.165] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.83.165/; sid:900605482; rev:1;) alert tcp $HOME_NET any -> [94.158.245.54] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.158.245.54/; sid:900605485; rev:1;) alert tcp $HOME_NET any -> [45.83.129.224] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.83.129.224/; sid:900605486; rev:1;) alert tcp $HOME_NET any -> [195.123.241.195] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.241.195/; sid:900605487; rev:1;) alert tcp $HOME_NET any -> [108.170.20.72] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.170.20.72/; sid:900605488; rev:1;) alert tcp $HOME_NET any -> [134.119.186.201] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.119.186.201/; sid:900605489; rev:1;) alert tcp $HOME_NET any -> [134.119.186.200] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.119.186.200/; sid:900605491; rev:1;) alert tcp $HOME_NET any -> [108.170.20.75] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.170.20.75/; sid:900605493; rev:1;) alert tcp $HOME_NET any -> [94.140.114.136] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.140.114.136/; sid:900605494; rev:1;) alert tcp $HOME_NET any -> [172.83.155.215] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.83.155.215/; sid:900605495; rev:1;) alert tcp $HOME_NET any -> [212.227.53.240] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.227.53.240/; sid:900605496; rev:1;) alert tcp $HOME_NET any -> [77.220.64.132] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.132/; sid:900605497; rev:1;) alert tcp $HOME_NET any -> [192.241.174.45] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.174.45/; sid:900605498; rev:1;) alert tcp $HOME_NET any -> [193.8.194.96] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.8.194.96/; sid:900605499; rev:1;) alert tcp $HOME_NET any -> [185.163.45.138] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.163.45.138/; sid:900605500; rev:1;) alert tcp $HOME_NET any -> [45.155.173.242] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.155.173.242/; sid:900605501; rev:1;) alert tcp $HOME_NET any -> [173.203.78.138] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.203.78.138/; sid:900605502; rev:1;) alert tcp $HOME_NET any -> [217.160.107.189] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.107.189/; sid:900605503; rev:1;) alert tcp $HOME_NET any -> [77.220.64.150] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.150/; sid:900605504; rev:1;) alert tcp $HOME_NET any -> [142.202.191.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.202.191.164/; sid:900605506; rev:1;) alert tcp $HOME_NET any -> [173.255.246.77] 691 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.255.246.77/; sid:900605510; rev:1;) alert tcp $HOME_NET any -> [185.216.27.185] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.216.27.185/; sid:900605514; rev:1;) alert tcp $HOME_NET any -> [185.234.72.84] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.234.72.84/; sid:900605517; rev:1;) alert tcp $HOME_NET any -> [198.1.115.153] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.1.115.153/; sid:900605518; rev:1;) alert tcp $HOME_NET any -> [209.20.87.138] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.20.87.138/; sid:900605519; rev:1;) alert tcp $HOME_NET any -> [151.236.29.248] 6516 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.236.29.248/; sid:900605520; rev:1;) alert tcp $HOME_NET any -> [181.196.245.54] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.196.245.54/; sid:900605524; rev:1;) alert tcp $HOME_NET any -> [162.13.114.59] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.13.114.59/; sid:900605527; rev:1;) alert tcp $HOME_NET any -> [37.187.115.122] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.115.122/; sid:900605528; rev:1;) alert tcp $HOME_NET any -> [70.39.99.196] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.39.99.196/; sid:900605529; rev:1;) alert tcp $HOME_NET any -> [178.54.230.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.54.230.164/; sid:900605530; rev:1;) alert tcp $HOME_NET any -> [103.76.20.226] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.76.20.226/; sid:900605531; rev:1;) alert tcp $HOME_NET any -> [80.78.75.246] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.78.75.246/; sid:900605532; rev:1;) alert tcp $HOME_NET any -> [154.79.252.132] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.79.252.132/; sid:900605535; rev:1;) alert tcp $HOME_NET any -> [5.182.210.132] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.132/; sid:900605536; rev:1;) alert tcp $HOME_NET any -> [80.78.77.116] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.78.77.116/; sid:900605537; rev:1;) alert tcp $HOME_NET any -> [168.232.188.88] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.232.188.88/; sid:900605538; rev:1;) alert tcp $HOME_NET any -> [173.81.4.147] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.81.4.147/; sid:900605539; rev:1;) alert tcp $HOME_NET any -> [202.142.151.190] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.142.151.190/; sid:900605540; rev:1;) alert tcp $HOME_NET any -> [37.235.230.123] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.235.230.123/; sid:900605545; rev:1;) alert tcp $HOME_NET any -> [186.195.199.238] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.195.199.238/; sid:900605546; rev:1;) alert tcp $HOME_NET any -> [177.47.88.62] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.47.88.62/; sid:900605547; rev:1;) alert tcp $HOME_NET any -> [36.92.93.5] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.92.93.5/; sid:900605548; rev:1;) alert tcp $HOME_NET any -> [103.146.2.152] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.146.2.152/; sid:900605549; rev:1;) alert tcp $HOME_NET any -> [182.48.66.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.48.66.106/; sid:900605550; rev:1;) alert tcp $HOME_NET any -> [36.94.202.131] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.202.131/; sid:900605551; rev:1;) alert tcp $HOME_NET any -> [179.60.243.52] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.60.243.52/; sid:900605552; rev:1;) alert tcp $HOME_NET any -> [103.146.185.107] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.146.185.107/; sid:900605556; rev:1;) alert tcp $HOME_NET any -> [209.151.236.42] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.151.236.42/; sid:900605558; rev:1;) alert tcp $HOME_NET any -> [91.121.94.86] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.121.94.86/; sid:900605559; rev:1;) alert tcp $HOME_NET any -> [5.189.144.136] 6516 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.144.136/; sid:900605560; rev:1;) alert tcp $HOME_NET any -> [131.72.153.198] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.72.153.198/; sid:900605561; rev:1;) alert tcp $HOME_NET any -> [131.255.106.152] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.255.106.152/; sid:900605562; rev:1;) alert tcp $HOME_NET any -> [37.112.60.123] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.112.60.123/; sid:900605563; rev:1;) alert tcp $HOME_NET any -> [202.91.41.138] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.91.41.138/; sid:900605570; rev:1;) alert tcp $HOME_NET any -> [122.2.28.70] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.2.28.70/; sid:900605575; rev:1;) alert tcp $HOME_NET any -> [103.225.138.94] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.225.138.94/; sid:900605576; rev:1;) alert tcp $HOME_NET any -> [123.231.149.123] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.231.149.123/; sid:900605577; rev:1;) alert tcp $HOME_NET any -> [190.119.167.154] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.119.167.154/; sid:900605578; rev:1;) alert tcp $HOME_NET any -> [47.103.145.214] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.103.145.214/; sid:900605579; rev:1;) alert tcp $HOME_NET any -> [117.210.210.179] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.210.210.179/; sid:900605580; rev:1;) alert tcp $HOME_NET any -> [200.195.233.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.195.233.10/; sid:900605581; rev:1;) alert tcp $HOME_NET any -> [170.82.4.158] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.82.4.158/; sid:900605582; rev:1;) alert tcp $HOME_NET any -> [37.29.124.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.29.124.94/; sid:900605583; rev:1;) alert tcp $HOME_NET any -> [103.239.165.24] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.239.165.24/; sid:900605584; rev:1;) alert tcp $HOME_NET any -> [103.146.2.152] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.146.2.152/; sid:900605587; rev:1;) alert tcp $HOME_NET any -> [103.54.42.218] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.54.42.218/; sid:900605588; rev:1;) alert tcp $HOME_NET any -> [85.25.134.43] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.25.134.43/; sid:900605589; rev:1;) alert tcp $HOME_NET any -> [77.220.64.146] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.146/; sid:900605590; rev:1;) alert tcp $HOME_NET any -> [213.208.134.178] 6516 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.208.134.178/; sid:900605591; rev:1;) alert tcp $HOME_NET any -> [50.243.30.51] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.243.30.51/; sid:900605592; rev:1;) alert tcp $HOME_NET any -> [37.247.35.132] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.247.35.132/; sid:900605593; rev:1;) alert tcp $HOME_NET any -> [162.241.204.234] 6516 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.204.234/; sid:900605595; rev:1;) alert tcp $HOME_NET any -> [121.199.35.69] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.199.35.69/; sid:900605596; rev:1;) alert tcp $HOME_NET any -> [185.97.135.164] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.97.135.164/; sid:900605597; rev:1;) alert tcp $HOME_NET any -> [85.88.174.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.88.174.94/; sid:900605598; rev:1;) alert tcp $HOME_NET any -> [203.160.59.14] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.160.59.14/; sid:900605601; rev:1;) alert tcp $HOME_NET any -> [36.66.111.251] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.66.111.251/; sid:900605602; rev:1;) alert tcp $HOME_NET any -> [216.10.242.142] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.10.242.142/; sid:900605603; rev:1;) alert tcp $HOME_NET any -> [37.247.35.137] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.247.35.137/; sid:900605604; rev:1;) alert tcp $HOME_NET any -> [116.251.211.158] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.251.211.158/; sid:900605605; rev:1;) alert tcp $HOME_NET any -> [103.73.102.174] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.73.102.174/; sid:900605607; rev:1;) alert tcp $HOME_NET any -> [114.34.226.52] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.34.226.52/; sid:900605609; rev:1;) alert tcp $HOME_NET any -> [111.235.66.83] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.235.66.83/; sid:900605610; rev:1;) alert tcp $HOME_NET any -> [210.65.244.186] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.186/; sid:900605612; rev:1;) alert tcp $HOME_NET any -> [62.64.9.237] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.64.9.237/; sid:900605613; rev:1;) alert tcp $HOME_NET any -> [190.152.71.230] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.152.71.230/; sid:900605615; rev:1;) alert tcp $HOME_NET any -> [94.74.133.76] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.74.133.76/; sid:900605616; rev:1;) alert tcp $HOME_NET any -> [181.191.67.186] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.191.67.186/; sid:900605617; rev:1;) alert tcp $HOME_NET any -> [77.220.64.135] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.135/; sid:900605618; rev:1;) alert tcp $HOME_NET any -> [107.180.90.10] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.180.90.10/; sid:900605619; rev:1;) alert tcp $HOME_NET any -> [31.24.158.56] 7275 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.24.158.56/; sid:900605620; rev:1;) alert tcp $HOME_NET any -> [167.179.194.205] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.179.194.205/; sid:900605621; rev:1;) alert tcp $HOME_NET any -> [79.106.115.103] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.106.115.103/; sid:900605622; rev:1;) alert tcp $HOME_NET any -> [178.33.183.53] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.33.183.53/; sid:900605623; rev:1;) alert tcp $HOME_NET any -> [210.65.244.166] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.166/; sid:900605624; rev:1;) alert tcp $HOME_NET any -> [157.7.139.198] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.7.139.198/; sid:900605625; rev:1;) alert tcp $HOME_NET any -> [144.76.42.74] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.76.42.74/; sid:900605626; rev:1;) alert tcp $HOME_NET any -> [41.76.108.46] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.76.108.46/; sid:900605627; rev:1;) alert tcp $HOME_NET any -> [195.154.221.186] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.154.221.186/; sid:900605628; rev:1;) alert tcp $HOME_NET any -> [153.126.203.229] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.126.203.229/; sid:900605629; rev:1;) alert tcp $HOME_NET any -> [195.210.28.233] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.210.28.233/; sid:900605632; rev:1;) alert tcp $HOME_NET any -> [91.235.129.199] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.199/; sid:900605633; rev:1;) alert tcp $HOME_NET any -> [62.75.168.152] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.168.152/; sid:900605634; rev:1;) alert tcp $HOME_NET any -> [147.78.186.4] 10051 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.78.186.4/; sid:900605635; rev:1;) alert tcp $HOME_NET any -> [210.65.244.184] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.184/; sid:900605636; rev:1;) alert tcp $HOME_NET any -> [174.105.233.82] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.105.233.82/; sid:900605637; rev:1;) alert tcp $HOME_NET any -> [45.164.80.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.164.80.94/; sid:900605638; rev:1;) alert tcp $HOME_NET any -> [77.220.64.137] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.137/; sid:900605641; rev:1;) alert tcp $HOME_NET any -> [199.204.214.26] 7073 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.204.214.26/; sid:900605642; rev:1;) alert tcp $HOME_NET any -> [95.140.127.82] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.140.127.82/; sid:900605643; rev:1;) alert tcp $HOME_NET any -> [5.182.210.254] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.254/; sid:900605646; rev:1;) alert tcp $HOME_NET any -> [219.91.189.17] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.91.189.17/; sid:900605647; rev:1;) alert tcp $HOME_NET any -> [37.247.35.130] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.247.35.130/; sid:900605648; rev:1;) alert tcp $HOME_NET any -> [103.18.108.116] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.18.108.116/; sid:900605649; rev:1;) alert tcp $HOME_NET any -> [36.91.107.247] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.91.107.247/; sid:900605651; rev:1;) alert tcp $HOME_NET any -> [12.158.156.51] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.158.156.51/; sid:900605652; rev:1;) alert tcp $HOME_NET any -> [49.231.17.146] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.231.17.146/; sid:900605654; rev:1;) alert tcp $HOME_NET any -> [216.177.161.118] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.177.161.118/; sid:900605655; rev:1;) alert tcp $HOME_NET any -> [72.133.71.61] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.133.71.61/; sid:900605656; rev:1;) alert tcp $HOME_NET any -> [103.26.251.214] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.26.251.214/; sid:900605657; rev:1;) alert tcp $HOME_NET any -> [98.6.170.206] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.6.170.206/; sid:900605659; rev:1;) alert tcp $HOME_NET any -> [102.67.74.24] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.67.74.24/; sid:900605660; rev:1;) alert tcp $HOME_NET any -> [5.2.158.159] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.158.159/; sid:900605661; rev:1;) alert tcp $HOME_NET any -> [92.245.172.211] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.245.172.211/; sid:900605662; rev:1;) alert tcp $HOME_NET any -> [176.115.19.84] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.115.19.84/; sid:900605663; rev:1;) alert tcp $HOME_NET any -> [76.84.51.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.84.51.10/; sid:900605664; rev:1;) alert tcp $HOME_NET any -> [62.209.206.195] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.209.206.195/; sid:900605665; rev:1;) alert tcp $HOME_NET any -> [85.175.171.246] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.175.171.246/; sid:900605666; rev:1;) alert tcp $HOME_NET any -> [108.55.14.158] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.55.14.158/; sid:900605667; rev:1;) alert tcp $HOME_NET any -> [103.6.213.203] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.6.213.203/; sid:900605668; rev:1;) alert tcp $HOME_NET any -> [46.41.130.218] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.41.130.218/; sid:900605669; rev:1;) alert tcp $HOME_NET any -> [71.66.174.34] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.66.174.34/; sid:900605670; rev:1;) alert tcp $HOME_NET any -> [5.189.181.107] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.181.107/; sid:900605671; rev:1;) alert tcp $HOME_NET any -> [198.179.109.238] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.179.109.238/; sid:900605672; rev:1;) alert tcp $HOME_NET any -> [72.2.179.4] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.2.179.4/; sid:900605673; rev:1;) alert tcp $HOME_NET any -> [45.127.134.203] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.127.134.203/; sid:900605674; rev:1;) alert tcp $HOME_NET any -> [41.138.131.67] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.138.131.67/; sid:900605675; rev:1;) alert tcp $HOME_NET any -> [203.112.210.46] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.112.210.46/; sid:900605676; rev:1;) alert tcp $HOME_NET any -> [103.77.205.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.77.205.102/; sid:900605677; rev:1;) alert tcp $HOME_NET any -> [116.212.132.111] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.212.132.111/; sid:900605678; rev:1;) alert tcp $HOME_NET any -> [103.110.14.43] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.110.14.43/; sid:900605679; rev:1;) alert tcp $HOME_NET any -> [195.8.114.137] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.8.114.137/; sid:900605680; rev:1;) alert tcp $HOME_NET any -> [88.119.86.75] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.119.86.75/; sid:900605681; rev:1;) alert tcp $HOME_NET any -> [182.160.109.205] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.160.109.205/; sid:900605682; rev:1;) alert tcp $HOME_NET any -> [103.15.140.141] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.15.140.141/; sid:900605683; rev:1;) alert tcp $HOME_NET any -> [45.167.249.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.167.249.126/; sid:900605684; rev:1;) alert tcp $HOME_NET any -> [103.138.172.74] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.138.172.74/; sid:900605685; rev:1;) alert tcp $HOME_NET any -> [182.23.81.218] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.23.81.218/; sid:900605686; rev:1;) alert tcp $HOME_NET any -> [45.229.71.211] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.229.71.211/; sid:900605687; rev:1;) alert tcp $HOME_NET any -> [18.195.23.231] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/18.195.23.231/; sid:900605688; rev:1;) alert tcp $HOME_NET any -> [77.220.64.141] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.141/; sid:900605691; rev:1;) alert tcp $HOME_NET any -> [185.229.225.1] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.229.225.1/; sid:900605695; rev:1;) alert tcp $HOME_NET any -> [210.65.244.174] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.174/; sid:900605696; rev:1;) alert tcp $HOME_NET any -> [159.8.59.84] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.8.59.84/; sid:900605699; rev:1;) alert tcp $HOME_NET any -> [196.41.57.46] 80 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.41.57.46/; sid:900605701; rev:1;) alert tcp $HOME_NET any -> [216.10.251.121] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.10.251.121/; sid:900605702; rev:1;) alert tcp $HOME_NET any -> [98.142.187.233] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.142.187.233/; sid:900605704; rev:1;) alert tcp $HOME_NET any -> [162.241.54.59] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.54.59/; sid:900605711; rev:1;) alert tcp $HOME_NET any -> [45.58.56.12] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.58.56.12/; sid:900605712; rev:1;) alert tcp $HOME_NET any -> [51.91.76.89] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.91.76.89/; sid:900605713; rev:1;) alert tcp $HOME_NET any -> [173.81.4.147] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.81.4.147/; sid:900605714; rev:1;) alert tcp $HOME_NET any -> [5.59.205.32] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.59.205.32/; sid:900605715; rev:1;) alert tcp $HOME_NET any -> [161.132.187.158] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.132.187.158/; sid:900605716; rev:1;) alert tcp $HOME_NET any -> [98.142.187.174] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.142.187.174/; sid:900605719; rev:1;) alert tcp $HOME_NET any -> [80.211.33.13] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.211.33.13/; sid:900605722; rev:1;) alert tcp $HOME_NET any -> [185.148.168.220] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.168.220/; sid:900605724; rev:1;) alert tcp $HOME_NET any -> [188.18.7.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.18.7.133/; sid:900605725; rev:1;) alert tcp $HOME_NET any -> [63.249.67.70] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.249.67.70/; sid:900605726; rev:1;) alert tcp $HOME_NET any -> [131.100.24.199] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.199/; sid:900605727; rev:1;) alert tcp $HOME_NET any -> [31.148.29.153] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.148.29.153/; sid:900605728; rev:1;) alert tcp $HOME_NET any -> [94.28.78.200] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.28.78.200/; sid:900605729; rev:1;) alert tcp $HOME_NET any -> [181.143.251.154] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.251.154/; sid:900605730; rev:1;) alert tcp $HOME_NET any -> [202.131.227.226] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.131.227.226/; sid:900605732; rev:1;) alert tcp $HOME_NET any -> [200.105.134.99] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.105.134.99/; sid:900605734; rev:1;) alert tcp $HOME_NET any -> [62.213.14.166] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.213.14.166/; sid:900605735; rev:1;) alert tcp $HOME_NET any -> [103.76.150.14] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.76.150.14/; sid:900605736; rev:1;) alert tcp $HOME_NET any -> [41.77.134.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.77.134.250/; sid:900605737; rev:1;) alert tcp $HOME_NET any -> [78.158.171.245] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.158.171.245/; sid:900605739; rev:1;) alert tcp $HOME_NET any -> [103.82.146.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.82.146.212/; sid:900605740; rev:1;) alert tcp $HOME_NET any -> [172.93.133.123] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.93.133.123/; sid:900605743; rev:1;) alert tcp $HOME_NET any -> [108.168.61.147] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.168.61.147/; sid:900605744; rev:1;) alert tcp $HOME_NET any -> [123.200.26.246] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.200.26.246/; sid:900605745; rev:1;) alert tcp $HOME_NET any -> [34.205.48.95] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/34.205.48.95/; sid:900605747; rev:1;) alert tcp $HOME_NET any -> [94.53.130.195] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.53.130.195/; sid:900605748; rev:1;) alert tcp $HOME_NET any -> [77.232.163.203] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.232.163.203/; sid:900605750; rev:1;) alert tcp $HOME_NET any -> [87.97.178.92] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.97.178.92/; sid:900605751; rev:1;) alert tcp $HOME_NET any -> [91.243.125.5] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.243.125.5/; sid:900605752; rev:1;) alert tcp $HOME_NET any -> [181.143.251.154] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.251.154/; sid:900605753; rev:1;) alert tcp $HOME_NET any -> [185.94.172.15] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.94.172.15/; sid:900605754; rev:1;) alert tcp $HOME_NET any -> [163.53.83.117] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.53.83.117/; sid:900605755; rev:1;) alert tcp $HOME_NET any -> [202.131.227.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.131.227.229/; sid:900605756; rev:1;) alert tcp $HOME_NET any -> [180.178.109.222] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.178.109.222/; sid:900605757; rev:1;) alert tcp $HOME_NET any -> [156.19.152.218] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.19.152.218/; sid:900605759; rev:1;) alert tcp $HOME_NET any -> [72.249.22.245] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.249.22.245/; sid:900605763; rev:1;) alert tcp $HOME_NET any -> [8.210.53.215] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.210.53.215/; sid:900605764; rev:1;) alert tcp $HOME_NET any -> [131.100.24.192] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.192/; sid:900605765; rev:1;) alert tcp $HOME_NET any -> [87.97.178.92] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.97.178.92/; sid:900605766; rev:1;) alert tcp $HOME_NET any -> [170.233.120.53] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.233.120.53/; sid:900605770; rev:1;) alert tcp $HOME_NET any -> [62.75.251.60] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.251.60/; sid:900605771; rev:1;) alert tcp $HOME_NET any -> [185.148.168.25] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.168.25/; sid:900605772; rev:1;) alert tcp $HOME_NET any -> [50.116.27.97] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.27.97/; sid:900605773; rev:1;) alert tcp $HOME_NET any -> [159.203.93.122] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.203.93.122/; sid:900605774; rev:1;) alert tcp $HOME_NET any -> [131.100.24.230] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.230/; sid:900605775; rev:1;) alert tcp $HOME_NET any -> [51.91.156.39] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.91.156.39/; sid:900605777; rev:1;) alert tcp $HOME_NET any -> [67.196.50.240] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.196.50.240/; sid:900605778; rev:1;) alert tcp $HOME_NET any -> [154.79.244.182] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.79.244.182/; sid:900605780; rev:1;) alert tcp $HOME_NET any -> [131.0.112.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.0.112.122/; sid:900605781; rev:1;) alert tcp $HOME_NET any -> [181.176.161.143] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.176.161.143/; sid:900605782; rev:1;) alert tcp $HOME_NET any -> [178.254.161.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.161.250/; sid:900605783; rev:1;) alert tcp $HOME_NET any -> [178.134.47.166] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.134.47.166/; sid:900605784; rev:1;) alert tcp $HOME_NET any -> [154.79.245.158] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.79.245.158/; sid:900605785; rev:1;) alert tcp $HOME_NET any -> [154.79.251.172] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.79.251.172/; sid:900605786; rev:1;) alert tcp $HOME_NET any -> [178.72.192.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.72.192.20/; sid:900605787; rev:1;) alert tcp $HOME_NET any -> [158.181.179.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.181.179.229/; sid:900605788; rev:1;) alert tcp $HOME_NET any -> [139.255.116.42] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.116.42/; sid:900605789; rev:1;) alert tcp $HOME_NET any -> [185.148.168.240] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.168.240/; sid:900605797; rev:1;) alert tcp $HOME_NET any -> [162.216.125.131] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.216.125.131/; sid:900605798; rev:1;) alert tcp $HOME_NET any -> [193.200.130.178] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.200.130.178/; sid:900605799; rev:1;) alert tcp $HOME_NET any -> [195.9.232.252] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.9.232.252/; sid:900605801; rev:1;) alert tcp $HOME_NET any -> [185.148.168.26] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.168.26/; sid:900605802; rev:1;) alert tcp $HOME_NET any -> [78.46.73.125] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.46.73.125/; sid:900605803; rev:1;) alert tcp $HOME_NET any -> [193.47.240.8] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.47.240.8/; sid:900605804; rev:1;) alert tcp $HOME_NET any -> [153.126.165.175] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.126.165.175/; sid:900605805; rev:1;) alert tcp $HOME_NET any -> [188.226.199.7] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.226.199.7/; sid:900605806; rev:1;) alert tcp $HOME_NET any -> [46.101.216.218] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.216.218/; sid:900605807; rev:1;) alert tcp $HOME_NET any -> [178.254.33.197] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.33.197/; sid:900605808; rev:1;) alert tcp $HOME_NET any -> [167.114.113.13] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.114.113.13/; sid:900605813; rev:1;) alert tcp $HOME_NET any -> [193.200.130.181] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.200.130.181/; sid:900605814; rev:1;) alert tcp $HOME_NET any -> [67.207.83.96] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.207.83.96/; sid:900605815; rev:1;) alert tcp $HOME_NET any -> [45.55.134.126] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.134.126/; sid:900605816; rev:1;) alert tcp $HOME_NET any -> [190.152.4.202] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.152.4.202/; sid:900605817; rev:1;) alert tcp $HOME_NET any -> [103.54.41.193] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.54.41.193/; sid:900605821; rev:1;) alert tcp $HOME_NET any -> [210.65.244.183] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.183/; sid:900605822; rev:1;) alert tcp $HOME_NET any -> [210.65.244.176] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.176/; sid:900605823; rev:1;) alert tcp $HOME_NET any -> [37.34.58.210] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.34.58.210/; sid:900605824; rev:1;) alert tcp $HOME_NET any -> [210.65.244.179] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.179/; sid:900605825; rev:1;) alert tcp $HOME_NET any -> [117.54.250.246] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.54.250.246/; sid:900605826; rev:1;) alert tcp $HOME_NET any -> [131.100.24.215] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.215/; sid:900605827; rev:1;) alert tcp $HOME_NET any -> [146.185.170.249] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.170.249/; sid:900605828; rev:1;) alert tcp $HOME_NET any -> [210.65.244.182] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.182/; sid:900605829; rev:1;) alert tcp $HOME_NET any -> [103.111.199.76] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.111.199.76/; sid:900605830; rev:1;) alert tcp $HOME_NET any -> [131.100.24.231] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.231/; sid:900605831; rev:1;) alert tcp $HOME_NET any -> [115.73.211.230] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.73.211.230/; sid:900605832; rev:1;) alert tcp $HOME_NET any -> [188.40.137.206] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.40.137.206/; sid:900605833; rev:1;) alert tcp $HOME_NET any -> [131.100.24.217] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.217/; sid:900605834; rev:1;) alert tcp $HOME_NET any -> [103.9.77.211] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.9.77.211/; sid:900605835; rev:1;) alert tcp $HOME_NET any -> [210.65.244.169] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.169/; sid:900605836; rev:1;) alert tcp $HOME_NET any -> [94.247.168.64] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.247.168.64/; sid:900605837; rev:1;) alert tcp $HOME_NET any -> [162.144.34.234] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.34.234/; sid:900605838; rev:1;) alert tcp $HOME_NET any -> [162.144.76.184] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.76.184/; sid:900605839; rev:1;) alert tcp $HOME_NET any -> [198.20.253.36] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.20.253.36/; sid:900605840; rev:1;) alert tcp $HOME_NET any -> [159.8.59.82] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.8.59.82/; sid:900605841; rev:1;) alert tcp $HOME_NET any -> [66.113.160.126] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.113.160.126/; sid:900605842; rev:1;) alert tcp $HOME_NET any -> [95.138.161.226] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.138.161.226/; sid:900605843; rev:1;) alert tcp $HOME_NET any -> [131.100.24.202] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.202/; sid:900605844; rev:1;) alert tcp $HOME_NET any -> [193.160.214.95] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.160.214.95/; sid:900605845; rev:1;) alert tcp $HOME_NET any -> [67.43.4.76] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.43.4.76/; sid:900605846; rev:1;) alert tcp $HOME_NET any -> [185.138.78.73] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.138.78.73/; sid:900605851; rev:1;) alert tcp $HOME_NET any -> [82.165.145.100] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.165.145.100/; sid:900605853; rev:1;) alert tcp $HOME_NET any -> [203.114.109.124] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.114.109.124/; sid:900605854; rev:1;) alert tcp $HOME_NET any -> [94.177.255.18] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.255.18/; sid:900605855; rev:1;) alert tcp $HOME_NET any -> [91.191.172.125] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.191.172.125/; sid:900605856; rev:1;) alert tcp $HOME_NET any -> [218.38.136.5] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.38.136.5/; sid:900605857; rev:1;) alert tcp $HOME_NET any -> [194.5.249.143] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.143/; sid:900605860; rev:1;) alert tcp $HOME_NET any -> [162.241.209.225] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.209.225/; sid:900605862; rev:1;) alert tcp $HOME_NET any -> [82.209.17.209] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.209.17.209/; sid:900605863; rev:1;) alert tcp $HOME_NET any -> [43.229.206.212] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.229.206.212/; sid:900605864; rev:1;) alert tcp $HOME_NET any -> [1.234.20.244] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.234.20.244/; sid:900605866; rev:1;) alert tcp $HOME_NET any -> [45.123.40.54] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.123.40.54/; sid:900605867; rev:1;) alert tcp $HOME_NET any -> [180.250.21.2] 13721 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.250.21.2/; sid:900605868; rev:1;) alert tcp $HOME_NET any -> [1.234.21.73] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.234.21.73/; sid:900605871; rev:1;) alert tcp $HOME_NET any -> [178.128.23.9] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.23.9/; sid:900605872; rev:1;) alert tcp $HOME_NET any -> [77.72.145.112] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.72.145.112/; sid:900605875; rev:1;) alert tcp $HOME_NET any -> [128.199.200.38] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.200.38/; sid:900605876; rev:1;) alert tcp $HOME_NET any -> [192.163.233.216] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.163.233.216/; sid:900605877; rev:1;) alert tcp $HOME_NET any -> [43.229.206.244] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.229.206.244/; sid:900605878; rev:1;) alert tcp $HOME_NET any -> [46.254.128.174] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.254.128.174/; sid:900605881; rev:1;) alert tcp $HOME_NET any -> [162.241.41.92] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.41.92/; sid:900605883; rev:1;) alert tcp $HOME_NET any -> [210.65.244.187] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.187/; sid:900605885; rev:1;) alert tcp $HOME_NET any -> [185.183.159.100] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.159.100/; sid:900605886; rev:1;) alert tcp $HOME_NET any -> [185.242.89.198] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.242.89.198/; sid:900605888; rev:1;) alert tcp $HOME_NET any -> [181.176.221.151] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.176.221.151/; sid:900605891; rev:1;) alert tcp $HOME_NET any -> [181.176.174.139] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.176.174.139/; sid:900605892; rev:1;) alert tcp $HOME_NET any -> [185.242.88.63] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.242.88.63/; sid:900605893; rev:1;) alert tcp $HOME_NET any -> [186.32.3.108] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.32.3.108/; sid:900605894; rev:1;) alert tcp $HOME_NET any -> [185.80.92.160] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.80.92.160/; sid:900605898; rev:1;) alert tcp $HOME_NET any -> [180.250.21.5] 13721 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.250.21.5/; sid:900605900; rev:1;) alert tcp $HOME_NET any -> [197.254.14.238] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.254.14.238/; sid:900605901; rev:1;) alert tcp $HOME_NET any -> [144.48.139.206] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.48.139.206/; sid:900605902; rev:1;) alert tcp $HOME_NET any -> [27.72.107.215] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.72.107.215/; sid:900605903; rev:1;) alert tcp $HOME_NET any -> [201.23.76.18] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.23.76.18/; sid:900605904; rev:1;) alert tcp $HOME_NET any -> [185.189.55.207] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.189.55.207/; sid:900605905; rev:1;) alert tcp $HOME_NET any -> [196.43.106.38] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.43.106.38/; sid:900605906; rev:1;) alert tcp $HOME_NET any -> [190.110.179.139] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.110.179.139/; sid:900605907; rev:1;) alert tcp $HOME_NET any -> [37.228.70.134] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.70.134/; sid:900605908; rev:1;) alert tcp $HOME_NET any -> [185.9.187.10] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.9.187.10/; sid:900605909; rev:1;) alert tcp $HOME_NET any -> [91.235.129.79] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.79/; sid:900605910; rev:1;) alert tcp $HOME_NET any -> [128.199.182.253] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.182.253/; sid:900605911; rev:1;) alert tcp $HOME_NET any -> [14.241.244.60] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.241.244.60/; sid:900605912; rev:1;) alert tcp $HOME_NET any -> [196.41.57.46] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.41.57.46/; sid:900605914; rev:1;) alert tcp $HOME_NET any -> [103.164.180.66] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.164.180.66/; sid:900605915; rev:1;) alert tcp $HOME_NET any -> [109.207.165.40] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.207.165.40/; sid:900605916; rev:1;) alert tcp $HOME_NET any -> [212.200.25.118] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.200.25.118/; sid:900605917; rev:1;) alert tcp $HOME_NET any -> [181.167.217.53] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.167.217.53/; sid:900605918; rev:1;) alert tcp $HOME_NET any -> [186.97.172.178] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.97.172.178/; sid:900605919; rev:1;) alert tcp $HOME_NET any -> [186.66.15.10] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.66.15.10/; sid:900605920; rev:1;) alert tcp $HOME_NET any -> [181.129.116.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.116.58/; sid:900605921; rev:1;) alert tcp $HOME_NET any -> [177.67.137.111] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.67.137.111/; sid:900605922; rev:1;) alert tcp $HOME_NET any -> [189.206.78.155] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.206.78.155/; sid:900605924; rev:1;) alert tcp $HOME_NET any -> [45.229.71.211] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.229.71.211/; sid:900605925; rev:1;) alert tcp $HOME_NET any -> [181.129.242.202] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.242.202/; sid:900605926; rev:1;) alert tcp $HOME_NET any -> [202.166.196.111] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.166.196.111/; sid:900605927; rev:1;) alert tcp $HOME_NET any -> [187.19.167.233] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.19.167.233/; sid:900605928; rev:1;) alert tcp $HOME_NET any -> [186.225.63.18] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.225.63.18/; sid:900605929; rev:1;) alert tcp $HOME_NET any -> [43.245.216.116] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.245.216.116/; sid:900605930; rev:1;) alert tcp $HOME_NET any -> [202.138.242.7] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.138.242.7/; sid:900605931; rev:1;) alert tcp $HOME_NET any -> [144.48.138.213] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.48.138.213/; sid:900605932; rev:1;) alert tcp $HOME_NET any -> [36.94.100.202] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.100.202/; sid:900605933; rev:1;) alert tcp $HOME_NET any -> [36.94.27.124] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.27.124/; sid:900605934; rev:1;) alert tcp $HOME_NET any -> [45.178.142.14] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.178.142.14/; sid:900605935; rev:1;) alert tcp $HOME_NET any -> [49.156.34.134] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.156.34.134/; sid:900605936; rev:1;) alert tcp $HOME_NET any -> [203.114.109.114] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.114.109.114/; sid:900605937; rev:1;) alert tcp $HOME_NET any -> [190.109.204.126] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.109.204.126/; sid:900605938; rev:1;) alert tcp $HOME_NET any -> [103.124.145.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.124.145.98/; sid:900605940; rev:1;) alert tcp $HOME_NET any -> [85.248.1.126] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.248.1.126/; sid:900605941; rev:1;) alert tcp $HOME_NET any -> [94.183.237.101] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.183.237.101/; sid:900605942; rev:1;) alert tcp $HOME_NET any -> [114.7.240.222] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.7.240.222/; sid:900605943; rev:1;) alert tcp $HOME_NET any -> [89.37.1.2] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.37.1.2/; sid:900605944; rev:1;) alert tcp $HOME_NET any -> [94.142.179.77] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.142.179.77/; sid:900605945; rev:1;) alert tcp $HOME_NET any -> [146.196.121.219] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.196.121.219/; sid:900605946; rev:1;) alert tcp $HOME_NET any -> [94.142.179.179] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.142.179.179/; sid:900605947; rev:1;) alert tcp $HOME_NET any -> [85.175.171.246] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.175.171.246/; sid:900605948; rev:1;) alert tcp $HOME_NET any -> [177.221.39.161] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.221.39.161/; sid:900605949; rev:1;) alert tcp $HOME_NET any -> [46.209.140.220] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.209.140.220/; sid:900605950; rev:1;) alert tcp $HOME_NET any -> [88.150.240.129] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.150.240.129/; sid:900605951; rev:1;) alert tcp $HOME_NET any -> [123.231.149.123] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.231.149.123/; sid:900605952; rev:1;) alert tcp $HOME_NET any -> [103.101.104.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.101.104.229/; sid:900605953; rev:1;) alert tcp $HOME_NET any -> [116.0.6.110] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.0.6.110/; sid:900605954; rev:1;) alert tcp $HOME_NET any -> [182.160.116.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.160.116.190/; sid:900605955; rev:1;) alert tcp $HOME_NET any -> [103.242.104.68] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.242.104.68/; sid:900605956; rev:1;) alert tcp $HOME_NET any -> [180.178.106.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.178.106.50/; sid:900605957; rev:1;) alert tcp $HOME_NET any -> [103.12.160.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.12.160.164/; sid:900605958; rev:1;) alert tcp $HOME_NET any -> [91.83.88.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.83.88.122/; sid:900605960; rev:1;) alert tcp $HOME_NET any -> [186.42.253.110] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.42.253.110/; sid:900605961; rev:1;) alert tcp $HOME_NET any -> [104.238.138.234] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.238.138.234/; sid:900605964; rev:1;) alert tcp $HOME_NET any -> [95.85.255.220] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.85.255.220/; sid:900605965; rev:1;) alert tcp $HOME_NET any -> [94.23.86.141] 13783 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.86.141/; sid:900605966; rev:1;) alert tcp $HOME_NET any -> [62.75.161.205] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.161.205/; sid:900605967; rev:1;) alert tcp $HOME_NET any -> [162.214.188.105] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.214.188.105/; sid:900605968; rev:1;) alert tcp $HOME_NET any -> [162.214.106.107] 13783 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.214.106.107/; sid:900605970; rev:1;) alert tcp $HOME_NET any -> [190.214.44.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.214.44.58/; sid:900605972; rev:1;) alert tcp $HOME_NET any -> [51.77.82.110] 9987 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.82.110/; sid:900605973; rev:1;) alert tcp $HOME_NET any -> [207.210.192.60] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.210.192.60/; sid:900605974; rev:1;) alert tcp $HOME_NET any -> [159.69.237.186] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.69.237.186/; sid:900605975; rev:1;) alert tcp $HOME_NET any -> [116.212.152.225] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.212.152.225/; sid:900605977; rev:1;) alert tcp $HOME_NET any -> [157.245.231.228] 6051 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.245.231.228/; sid:900605978; rev:1;) alert tcp $HOME_NET any -> [45.79.91.89] 9987 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.91.89/; sid:900605979; rev:1;) alert tcp $HOME_NET any -> [45.158.199.220] 30333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.158.199.220/; sid:900605980; rev:1;) alert tcp $HOME_NET any -> [199.204.214.52] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.204.214.52/; sid:900605981; rev:1;) alert tcp $HOME_NET any -> [45.233.146.114] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.233.146.114/; sid:900605982; rev:1;) alert tcp $HOME_NET any -> [91.200.186.229] 19226 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.200.186.229/; sid:900605983; rev:1;) alert tcp $HOME_NET any -> [128.199.36.62] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.36.62/; sid:900605984; rev:1;) alert tcp $HOME_NET any -> [50.116.54.215] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.54.215/; sid:900605985; rev:1;) alert tcp $HOME_NET any -> [142.93.223.149] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.223.149/; sid:900605986; rev:1;) alert tcp $HOME_NET any -> [162.214.127.16] 6051 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.214.127.16/; sid:900605987; rev:1;) alert tcp $HOME_NET any -> [177.154.161.246] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.154.161.246/; sid:900605988; rev:1;) alert tcp $HOME_NET any -> [144.202.49.155] 19226 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.49.155/; sid:900605989; rev:1;) alert tcp $HOME_NET any -> [103.102.220.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.102.220.50/; sid:900605998; rev:1;) alert tcp $HOME_NET any -> [177.84.63.252] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.84.63.252/; sid:900606007; rev:1;) alert tcp $HOME_NET any -> [185.119.120.213] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.119.120.213/; sid:900606013; rev:1;) alert tcp $HOME_NET any -> [83.220.115.230] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.220.115.230/; sid:900606014; rev:1;) alert tcp $HOME_NET any -> [189.195.96.238] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.195.96.238/; sid:900606023; rev:1;) alert tcp $HOME_NET any -> [115.127.160.171] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.127.160.171/; sid:900606026; rev:1;) alert tcp $HOME_NET any -> [186.46.28.202] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.46.28.202/; sid:900606027; rev:1;) alert tcp $HOME_NET any -> [91.235.129.8] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.8/; sid:900606030; rev:1;) alert tcp $HOME_NET any -> [103.242.104.43] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.242.104.43/; sid:900606031; rev:1;) alert tcp $HOME_NET any -> [181.112.157.42] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.112.157.42/; sid:900606032; rev:1;) alert tcp $HOME_NET any -> [97.83.40.67] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.83.40.67/; sid:900606034; rev:1;) alert tcp $HOME_NET any -> [139.59.59.242] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.59.242/; sid:900606035; rev:1;) alert tcp $HOME_NET any -> [91.207.28.33] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.207.28.33/; sid:900606036; rev:1;) alert tcp $HOME_NET any -> [178.128.197.110] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.197.110/; sid:900606037; rev:1;) alert tcp $HOME_NET any -> [91.191.172.124] 13783 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.191.172.124/; sid:900606038; rev:1;) alert tcp $HOME_NET any -> [12.23.113.92] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.23.113.92/; sid:900606039; rev:1;) alert tcp $HOME_NET any -> [50.249.212.98] 23399 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.249.212.98/; sid:900606040; rev:1;) alert tcp $HOME_NET any -> [144.76.1.150] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.76.1.150/; sid:900606041; rev:1;) alert tcp $HOME_NET any -> [104.168.154.79] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.154.79/; sid:900606042; rev:1;) alert tcp $HOME_NET any -> [185.189.55.207] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.189.55.207/; sid:900606043; rev:1;) alert tcp $HOME_NET any -> [12.23.113.25] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.23.113.25/; sid:900606045; rev:1;) alert tcp $HOME_NET any -> [209.33.231.203] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.33.231.203/; sid:900606046; rev:1;) alert tcp $HOME_NET any -> [174.47.92.130] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.47.92.130/; sid:900606047; rev:1;) alert tcp $HOME_NET any -> [178.156.77.176] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.156.77.176/; sid:900606048; rev:1;) alert tcp $HOME_NET any -> [72.47.4.61] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.47.4.61/; sid:900606049; rev:1;) alert tcp $HOME_NET any -> [80.59.193.237] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.59.193.237/; sid:900606050; rev:1;) alert tcp $HOME_NET any -> [71.78.79.138] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.79.138/; sid:900606051; rev:1;) alert tcp $HOME_NET any -> [71.78.136.194] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.136.194/; sid:900606052; rev:1;) alert tcp $HOME_NET any -> [71.78.156.115] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.156.115/; sid:900606053; rev:1;) alert tcp $HOME_NET any -> [74.218.165.159] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.218.165.159/; sid:900606054; rev:1;) alert tcp $HOME_NET any -> [70.117.40.230] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.117.40.230/; sid:900606055; rev:1;) alert tcp $HOME_NET any -> [72.131.205.22] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.131.205.22/; sid:900606056; rev:1;) alert tcp $HOME_NET any -> [94.228.90.140] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.228.90.140/; sid:900606057; rev:1;) alert tcp $HOME_NET any -> [95.170.11.5] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.170.11.5/; sid:900606058; rev:1;) alert tcp $HOME_NET any -> [12.23.113.61] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.23.113.61/; sid:900606059; rev:1;) alert tcp $HOME_NET any -> [178.156.77.177] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.156.77.177/; sid:900606060; rev:1;) alert tcp $HOME_NET any -> [185.162.1.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.162.1.250/; sid:900606061; rev:1;) alert tcp $HOME_NET any -> [184.74.38.22] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.74.38.22/; sid:900606062; rev:1;) alert tcp $HOME_NET any -> [188.27.238.63] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.27.238.63/; sid:900606063; rev:1;) alert tcp $HOME_NET any -> [216.251.86.132] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.251.86.132/; sid:900606064; rev:1;) alert tcp $HOME_NET any -> [71.78.139.154] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.139.154/; sid:900606065; rev:1;) alert tcp $HOME_NET any -> [71.78.188.14] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.188.14/; sid:900606066; rev:1;) alert tcp $HOME_NET any -> [71.78.209.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.209.122/; sid:900606067; rev:1;) alert tcp $HOME_NET any -> [71.78.65.54] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.65.54/; sid:900606068; rev:1;) alert tcp $HOME_NET any -> [77.241.196.234] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.241.196.234/; sid:900606069; rev:1;) alert tcp $HOME_NET any -> [85.187.252.141] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.187.252.141/; sid:900606070; rev:1;) alert tcp $HOME_NET any -> [89.186.8.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.186.8.250/; sid:900606071; rev:1;) alert tcp $HOME_NET any -> [80.83.172.132] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.83.172.132/; sid:900606072; rev:1;) alert tcp $HOME_NET any -> [148.235.154.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.235.154.164/; sid:900606073; rev:1;) alert tcp $HOME_NET any -> [185.81.51.44] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.81.51.44/; sid:900606074; rev:1;) alert tcp $HOME_NET any -> [190.145.83.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.145.83.98/; sid:900606075; rev:1;) alert tcp $HOME_NET any -> [38.110.103.19] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.110.103.19/; sid:900606076; rev:1;) alert tcp $HOME_NET any -> [41.77.185.182] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.77.185.182/; sid:900606080; rev:1;) alert tcp $HOME_NET any -> [203.176.138.46] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.176.138.46/; sid:900606085; rev:1;) alert tcp $HOME_NET any -> [181.176.221.243] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.176.221.243/; sid:900606086; rev:1;) alert tcp $HOME_NET any -> [162.243.237.209] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.243.237.209/; sid:900606087; rev:1;) alert tcp $HOME_NET any -> [81.0.236.71] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.0.236.71/; sid:900606088; rev:1;) alert tcp $HOME_NET any -> [178.79.150.86] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.79.150.86/; sid:900606089; rev:1;) alert tcp $HOME_NET any -> [74.85.157.139] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.85.157.139/; sid:900606091; rev:1;) alert tcp $HOME_NET any -> [177.10.90.29] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.10.90.29/; sid:900606093; rev:1;) alert tcp $HOME_NET any -> [45.239.234.2] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.239.234.2/; sid:900606094; rev:1;) alert tcp $HOME_NET any -> [41.57.156.203] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.57.156.203/; sid:900606095; rev:1;) alert tcp $HOME_NET any -> [95.111.235.8] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.111.235.8/; sid:900606097; rev:1;) alert tcp $HOME_NET any -> [103.42.57.18] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.42.57.18/; sid:900606098; rev:1;) alert tcp $HOME_NET any -> [115.68.220.48] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.68.220.48/; sid:900606099; rev:1;) alert tcp $HOME_NET any -> [45.201.136.3] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.201.136.3/; sid:900606100; rev:1;) alert tcp $HOME_NET any -> [14.232.161.45] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.232.161.45/; sid:900606102; rev:1;) alert tcp $HOME_NET any -> [220.82.64.198] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.82.64.198/; sid:900606103; rev:1;) alert tcp $HOME_NET any -> [45.239.233.131] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.239.233.131/; sid:900606104; rev:1;) alert tcp $HOME_NET any -> [196.216.59.174] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.216.59.174/; sid:900606105; rev:1;) alert tcp $HOME_NET any -> [113.160.132.237] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.160.132.237/; sid:900606106; rev:1;) alert tcp $HOME_NET any -> [202.165.47.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.165.47.106/; sid:900606107; rev:1;) alert tcp $HOME_NET any -> [181.114.215.239] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.114.215.239/; sid:900606108; rev:1;) alert tcp $HOME_NET any -> [105.30.26.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.30.26.50/; sid:900606109; rev:1;) alert tcp $HOME_NET any -> [222.124.16.74] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.124.16.74/; sid:900606110; rev:1;) alert tcp $HOME_NET any -> [186.225.119.170] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.225.119.170/; sid:900606113; rev:1;) alert tcp $HOME_NET any -> [200.236.218.62] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.236.218.62/; sid:900606114; rev:1;) alert tcp $HOME_NET any -> [49.248.217.170] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.248.217.170/; sid:900606115; rev:1;) alert tcp $HOME_NET any -> [119.202.8.249] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.202.8.249/; sid:900606116; rev:1;) alert tcp $HOME_NET any -> [103.122.228.44] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.122.228.44/; sid:900606117; rev:1;) alert tcp $HOME_NET any -> [143.0.208.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.0.208.20/; sid:900606118; rev:1;) alert tcp $HOME_NET any -> [38.110.100.104] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.110.100.104/; sid:900606122; rev:1;) alert tcp $HOME_NET any -> [45.36.99.184] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.36.99.184/; sid:900606124; rev:1;) alert tcp $HOME_NET any -> [24.162.214.166] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.162.214.166/; sid:900606127; rev:1;) alert tcp $HOME_NET any -> [184.74.99.214] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.74.99.214/; sid:900606128; rev:1;) alert tcp $HOME_NET any -> [62.99.76.213] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.99.76.213/; sid:900606129; rev:1;) alert tcp $HOME_NET any -> [38.110.100.33] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.110.100.33/; sid:900606131; rev:1;) alert tcp $HOME_NET any -> [170.238.117.187] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.238.117.187/; sid:900606132; rev:1;) alert tcp $HOME_NET any -> [5.34.74.210] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.74.210/; sid:900606134; rev:1;) alert tcp $HOME_NET any -> [31.207.89.74] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.207.89.74/; sid:900606135; rev:1;) alert tcp $HOME_NET any -> [167.172.119.42] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.172.119.42/; sid:900606136; rev:1;) alert tcp $HOME_NET any -> [50.116.23.195] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.23.195/; sid:900606137; rev:1;) alert tcp $HOME_NET any -> [66.62.113.113] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.62.113.113/; sid:900606140; rev:1;) alert tcp $HOME_NET any -> [190.197.55.254] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.197.55.254/; sid:900606141; rev:1;) alert tcp $HOME_NET any -> [190.61.43.241] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.61.43.241/; sid:900606144; rev:1;) alert tcp $HOME_NET any -> [201.55.206.238] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.55.206.238/; sid:900606146; rev:1;) alert tcp $HOME_NET any -> [85.87.148.200] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.87.148.200/; sid:900606147; rev:1;) alert tcp $HOME_NET any -> [190.144.10.242] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.144.10.242/; sid:900606150; rev:1;) alert tcp $HOME_NET any -> [142.4.219.173] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.4.219.173/; sid:900606151; rev:1;) alert tcp $HOME_NET any -> [176.31.117.84] 9443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.31.117.84/; sid:900606155; rev:1;) alert tcp $HOME_NET any -> [85.187.234.15] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.187.234.15/; sid:900606156; rev:1;) alert tcp $HOME_NET any -> [204.138.26.220] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.138.26.220/; sid:900606157; rev:1;) alert tcp $HOME_NET any -> [182.253.106.35] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.253.106.35/; sid:900606160; rev:1;) alert tcp $HOME_NET any -> [213.159.208.145] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.159.208.145/; sid:900606162; rev:1;) alert tcp $HOME_NET any -> [172.105.110.194] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.110.194/; sid:900606163; rev:1;) alert tcp $HOME_NET any -> [51.75.77.27] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.77.27/; sid:900606164; rev:1;) alert tcp $HOME_NET any -> [138.197.133.25] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.133.25/; sid:900606165; rev:1;) alert tcp $HOME_NET any -> [87.106.97.83] 7880 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.97.83/; sid:900606168; rev:1;) alert tcp $HOME_NET any -> [54.191.98.150] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.191.98.150/; sid:900606169; rev:1;) alert tcp $HOME_NET any -> [209.44.106.71] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.44.106.71/; sid:900606170; rev:1;) alert tcp $HOME_NET any -> [54.37.106.167] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.106.167/; sid:900606171; rev:1;) alert tcp $HOME_NET any -> [207.58.132.19] 9443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.58.132.19/; sid:900606172; rev:1;) alert tcp $HOME_NET any -> [107.170.211.239] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.170.211.239/; sid:900606173; rev:1;) alert tcp $HOME_NET any -> [150.95.20.209] 3978 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.95.20.209/; sid:900606174; rev:1;) alert tcp $HOME_NET any -> [164.68.126.207] 23399 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.126.207/; sid:900606175; rev:1;) alert tcp $HOME_NET any -> [37.59.103.148] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.59.103.148/; sid:900606178; rev:1;) alert tcp $HOME_NET any -> [43.229.206.214] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.229.206.214/; sid:900606179; rev:1;) alert tcp $HOME_NET any -> [79.143.186.143] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.143.186.143/; sid:900606180; rev:1;) alert tcp $HOME_NET any -> [195.9.84.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.9.84.106/; sid:900606181; rev:1;) alert tcp $HOME_NET any -> [104.168.155.113] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.155.113/; sid:900606182; rev:1;) alert tcp $HOME_NET any -> [107.170.64.97] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.170.64.97/; sid:900606184; rev:1;) alert tcp $HOME_NET any -> [212.227.94.31] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.227.94.31/; sid:900606185; rev:1;) alert tcp $HOME_NET any -> [66.175.217.172] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.175.217.172/; sid:900606190; rev:1;) alert tcp $HOME_NET any -> [202.29.60.34] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.29.60.34/; sid:900606191; rev:1;) alert tcp $HOME_NET any -> [78.46.78.42] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.46.78.42/; sid:900606192; rev:1;) alert tcp $HOME_NET any -> [46.36.221.177] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.36.221.177/; sid:900606193; rev:1;) alert tcp $HOME_NET any -> [194.135.33.220] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.135.33.220/; sid:900606195; rev:1;) alert tcp $HOME_NET any -> [5.181.80.128] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.181.80.128/; sid:900606197; rev:1;) alert tcp $HOME_NET any -> [194.15.113.73] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.15.113.73/; sid:900606198; rev:1;) alert tcp $HOME_NET any -> [45.86.65.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.86.65.164/; sid:900606199; rev:1;) alert tcp $HOME_NET any -> [104.245.146.203] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.245.146.203/; sid:900606201; rev:1;) alert tcp $HOME_NET any -> [79.172.201.113] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.172.201.113/; sid:900606202; rev:1;) alert tcp $HOME_NET any -> [114.207.112.77] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.207.112.77/; sid:900606203; rev:1;) alert tcp $HOME_NET any -> [178.132.7.117] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.132.7.117/; sid:900606204; rev:1;) alert tcp $HOME_NET any -> [192.119.110.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.110.250/; sid:900606205; rev:1;) alert tcp $HOME_NET any -> [195.123.222.44] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.222.44/; sid:900606206; rev:1;) alert tcp $HOME_NET any -> [151.236.30.38] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.236.30.38/; sid:900606207; rev:1;) alert tcp $HOME_NET any -> [172.83.155.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.83.155.212/; sid:900606208; rev:1;) alert tcp $HOME_NET any -> [185.99.133.118] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.133.118/; sid:900606209; rev:1;) alert tcp $HOME_NET any -> [45.86.74.32] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.86.74.32/; sid:900606210; rev:1;) alert tcp $HOME_NET any -> [45.142.158.199] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.142.158.199/; sid:900606211; rev:1;) alert tcp $HOME_NET any -> [103.208.86.3] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.3/; sid:900606212; rev:1;) alert tcp $HOME_NET any -> [81.0.236.93] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.0.236.93/; sid:900606214; rev:1;) alert tcp $HOME_NET any -> [178.238.236.59] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.238.236.59/; sid:900606215; rev:1;) alert tcp $HOME_NET any -> [104.245.52.73] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.245.52.73/; sid:900606216; rev:1;) alert tcp $HOME_NET any -> [109.104.92.237] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.104.92.237/; sid:900606217; rev:1;) alert tcp $HOME_NET any -> [162.243.96.221] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.243.96.221/; sid:900606218; rev:1;) alert tcp $HOME_NET any -> [178.33.158.180] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.33.158.180/; sid:900606223; rev:1;) alert tcp $HOME_NET any -> [109.74.50.71] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.74.50.71/; sid:900606224; rev:1;) alert tcp $HOME_NET any -> [177.185.32.10] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.185.32.10/; sid:900606225; rev:1;) alert tcp $HOME_NET any -> [68.183.216.174] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.216.174/; sid:900606228; rev:1;) alert tcp $HOME_NET any -> [139.162.202.74] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.202.74/; sid:900606229; rev:1;) alert tcp $HOME_NET any -> [45.79.33.48] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.33.48/; sid:900606230; rev:1;) alert tcp $HOME_NET any -> [104.248.178.90] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.248.178.90/; sid:900606231; rev:1;) alert tcp $HOME_NET any -> [46.55.222.10] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.55.222.10/; sid:900606232; rev:1;) alert tcp $HOME_NET any -> [173.212.243.155] 7002 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.212.243.155/; sid:900606233; rev:1;) alert tcp $HOME_NET any -> [177.75.5.222] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.75.5.222/; sid:900606234; rev:1;) alert tcp $HOME_NET any -> [105.27.205.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.27.205.34/; sid:900606235; rev:1;) alert tcp $HOME_NET any -> [5.152.175.57] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.152.175.57/; sid:900606236; rev:1;) alert tcp $HOME_NET any -> [185.227.170.13] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.227.170.13/; sid:900606237; rev:1;) alert tcp $HOME_NET any -> [38.110.100.16] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.110.100.16/; sid:900606238; rev:1;) alert tcp $HOME_NET any -> [45.230.176.157] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.230.176.157/; sid:900606239; rev:1;) alert tcp $HOME_NET any -> [46.99.175.185] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.99.175.185/; sid:900606240; rev:1;) alert tcp $HOME_NET any -> [63.147.234.198] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.147.234.198/; sid:900606241; rev:1;) alert tcp $HOME_NET any -> [82.130.201.18] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.130.201.18/; sid:900606242; rev:1;) alert tcp $HOME_NET any -> [181.129.167.82] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.167.82/; sid:900606243; rev:1;) alert tcp $HOME_NET any -> [62.99.79.77] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.99.79.77/; sid:900606244; rev:1;) alert tcp $HOME_NET any -> [128.201.76.252] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.201.76.252/; sid:900606245; rev:1;) alert tcp $HOME_NET any -> [221.147.172.5] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.147.172.5/; sid:900606246; rev:1;) alert tcp $HOME_NET any -> [50.21.169.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.21.169.122/; sid:900606248; rev:1;) alert tcp $HOME_NET any -> [216.166.148.48] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.166.148.48/; sid:900606249; rev:1;) alert tcp $HOME_NET any -> [213.155.173.21] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.155.173.21/; sid:900606250; rev:1;) alert tcp $HOME_NET any -> [82.139.146.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.139.146.190/; sid:900606251; rev:1;) alert tcp $HOME_NET any -> [82.114.68.218] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.114.68.218/; sid:900606252; rev:1;) alert tcp $HOME_NET any -> [202.5.56.40] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.5.56.40/; sid:900606253; rev:1;) alert tcp $HOME_NET any -> [188.74.32.54] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.74.32.54/; sid:900606254; rev:1;) alert tcp $HOME_NET any -> [183.105.49.9] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.105.49.9/; sid:900606255; rev:1;) alert tcp $HOME_NET any -> [115.88.53.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.88.53.164/; sid:900606256; rev:1;) alert tcp $HOME_NET any -> [24.242.237.172] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.242.237.172/; sid:900606257; rev:1;) alert tcp $HOME_NET any -> [177.67.203.124] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.67.203.124/; sid:900606258; rev:1;) alert tcp $HOME_NET any -> [177.87.57.93] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.87.57.93/; sid:900606259; rev:1;) alert tcp $HOME_NET any -> [196.216.220.211] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.216.220.211/; sid:900606260; rev:1;) alert tcp $HOME_NET any -> [36.67.97.127] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.67.97.127/; sid:900606261; rev:1;) alert tcp $HOME_NET any -> [103.238.203.82] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.238.203.82/; sid:900606263; rev:1;) alert tcp $HOME_NET any -> [177.52.173.20] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.52.173.20/; sid:900606266; rev:1;) alert tcp $HOME_NET any -> [166.62.103.55] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/166.62.103.55/; sid:900606267; rev:1;) alert tcp $HOME_NET any -> [103.140.207.110] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.140.207.110/; sid:900606268; rev:1;) alert tcp $HOME_NET any -> [197.156.129.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.156.129.250/; sid:900606269; rev:1;) alert tcp $HOME_NET any -> [116.203.25.236] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.203.25.236/; sid:900606270; rev:1;) alert tcp $HOME_NET any -> [103.109.247.13] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.109.247.13/; sid:900606271; rev:1;) alert tcp $HOME_NET any -> [103.253.107.156] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.253.107.156/; sid:900606272; rev:1;) alert tcp $HOME_NET any -> [36.89.98.183] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.98.183/; sid:900606273; rev:1;) alert tcp $HOME_NET any -> [88.87.15.96] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.87.15.96/; sid:900606274; rev:1;) alert tcp $HOME_NET any -> [45.239.233.109] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.239.233.109/; sid:900606275; rev:1;) alert tcp $HOME_NET any -> [106.243.129.116] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.243.129.116/; sid:900606276; rev:1;) alert tcp $HOME_NET any -> [59.4.68.75] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.4.68.75/; sid:900606277; rev:1;) alert tcp $HOME_NET any -> [185.164.32.148] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.148/; sid:900606278; rev:1;) alert tcp $HOME_NET any -> [46.99.175.149] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.99.175.149/; sid:900606279; rev:1;) alert tcp $HOME_NET any -> [46.99.175.217] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.99.175.217/; sid:900606280; rev:1;) alert tcp $HOME_NET any -> [46.99.188.223] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.99.188.223/; sid:900606281; rev:1;) alert tcp $HOME_NET any -> [185.56.175.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.56.175.122/; sid:900606282; rev:1;) alert tcp $HOME_NET any -> [179.189.229.254] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.189.229.254/; sid:900606283; rev:1;) alert tcp $HOME_NET any -> [65.152.201.203] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.152.201.203/; sid:900606284; rev:1;) alert tcp $HOME_NET any -> [216.166.148.187] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.166.148.187/; sid:900606285; rev:1;) alert tcp $HOME_NET any -> [182.253.210.130] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.253.210.130/; sid:900606286; rev:1;) alert tcp $HOME_NET any -> [186.235.48.8] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.235.48.8/; sid:900606289; rev:1;) alert tcp $HOME_NET any -> [113.160.37.196] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.160.37.196/; sid:900606290; rev:1;) alert tcp $HOME_NET any -> [137.74.112.43] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.74.112.43/; sid:900606291; rev:1;) alert tcp $HOME_NET any -> [216.108.227.55] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.108.227.55/; sid:900606292; rev:1;) alert tcp $HOME_NET any -> [94.177.176.51] 5723 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.176.51/; sid:900606293; rev:1;) alert tcp $HOME_NET any -> [24.28.12.23] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.28.12.23/; sid:900606294; rev:1;) alert tcp $HOME_NET any -> [139.59.124.65] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.124.65/; sid:900606295; rev:1;) alert tcp $HOME_NET any -> [138.121.91.136] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.121.91.136/; sid:900606296; rev:1;) alert tcp $HOME_NET any -> [103.253.107.155] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.253.107.155/; sid:900606297; rev:1;) alert tcp $HOME_NET any -> [147.91.31.1] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.91.31.1/; sid:900606300; rev:1;) alert tcp $HOME_NET any -> [176.9.89.122] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.9.89.122/; sid:900606301; rev:1;) alert tcp $HOME_NET any -> [158.106.98.110] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.106.98.110/; sid:900606303; rev:1;) alert tcp $HOME_NET any -> [149.210.181.82] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.210.181.82/; sid:900606304; rev:1;) alert tcp $HOME_NET any -> [178.33.13.40] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.33.13.40/; sid:900606305; rev:1;) alert tcp $HOME_NET any -> [36.66.188.251] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.66.188.251/; sid:900606306; rev:1;) alert tcp $HOME_NET any -> [103.30.247.115] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.30.247.115/; sid:900606308; rev:1;) alert tcp $HOME_NET any -> [190.93.208.53] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.93.208.53/; sid:900606309; rev:1;) alert tcp $HOME_NET any -> [38.110.100.64] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.110.100.64/; sid:900606310; rev:1;) alert tcp $HOME_NET any -> [38.110.100.219] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.110.100.219/; sid:900606311; rev:1;) alert tcp $HOME_NET any -> [96.9.77.56] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.9.77.56/; sid:900606312; rev:1;) alert tcp $HOME_NET any -> [165.22.28.242] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.22.28.242/; sid:900606314; rev:1;) alert tcp $HOME_NET any -> [118.42.135.173] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.42.135.173/; sid:900606315; rev:1;) alert tcp $HOME_NET any -> [79.106.115.107] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.106.115.107/; sid:900606316; rev:1;) alert tcp $HOME_NET any -> [103.248.217.234] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.248.217.234/; sid:900606317; rev:1;) alert tcp $HOME_NET any -> [43.252.158.104] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.252.158.104/; sid:900606321; rev:1;) alert tcp $HOME_NET any -> [75.176.235.182] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.176.235.182/; sid:900606322; rev:1;) alert tcp $HOME_NET any -> [125.234.128.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.234.128.250/; sid:900606324; rev:1;) alert tcp $HOME_NET any -> [87.98.128.76] 5723 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.98.128.76/; sid:900606325; rev:1;) alert tcp $HOME_NET any -> [80.241.218.90] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.241.218.90/; sid:900606326; rev:1;) alert tcp $HOME_NET any -> [103.161.172.109] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.161.172.109/; sid:900606327; rev:1;) alert tcp $HOME_NET any -> [45.181.207.7] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.181.207.7/; sid:900606329; rev:1;) alert tcp $HOME_NET any -> [78.111.121.2] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.111.121.2/; sid:900606330; rev:1;) alert tcp $HOME_NET any -> [103.148.201.66] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.148.201.66/; sid:900606332; rev:1;) alert tcp $HOME_NET any -> [45.181.206.8] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.181.206.8/; sid:900606333; rev:1;) alert tcp $HOME_NET any -> [103.36.50.251] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.36.50.251/; sid:900606336; rev:1;) alert tcp $HOME_NET any -> [103.73.224.46] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.73.224.46/; sid:900606337; rev:1;) alert tcp $HOME_NET any -> [116.212.132.197] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.212.132.197/; sid:900606338; rev:1;) alert tcp $HOME_NET any -> [168.205.192.71] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.205.192.71/; sid:900606339; rev:1;) alert tcp $HOME_NET any -> [186.101.84.222] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.101.84.222/; sid:900606340; rev:1;) alert tcp $HOME_NET any -> [201.174.75.107] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.174.75.107/; sid:900606341; rev:1;) alert tcp $HOME_NET any -> [201.174.52.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.174.52.20/; sid:900606342; rev:1;) alert tcp $HOME_NET any -> [45.7.132.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.7.132.229/; sid:900606344; rev:1;) alert tcp $HOME_NET any -> [45.40.132.219] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.40.132.219/; sid:900606345; rev:1;) alert tcp $HOME_NET any -> [190.183.237.119] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.183.237.119/; sid:900606346; rev:1;) alert tcp $HOME_NET any -> [103.253.107.198] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.253.107.198/; sid:900606347; rev:1;) alert tcp $HOME_NET any -> [172.104.58.76] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.104.58.76/; sid:900606349; rev:1;) alert tcp $HOME_NET any -> [204.174.223.210] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.174.223.210/; sid:900606350; rev:1;) alert tcp $HOME_NET any -> [51.91.105.97] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.91.105.97/; sid:900606351; rev:1;) alert tcp $HOME_NET any -> [134.209.182.12] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.182.12/; sid:900606352; rev:1;) alert tcp $HOME_NET any -> [188.40.100.254] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.40.100.254/; sid:900606353; rev:1;) alert tcp $HOME_NET any -> [103.109.247.9] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.109.247.9/; sid:900606354; rev:1;) alert tcp $HOME_NET any -> [163.172.217.74] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.172.217.74/; sid:900606360; rev:1;) alert tcp $HOME_NET any -> [74.63.218.139] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.63.218.139/; sid:900606361; rev:1;) alert tcp $HOME_NET any -> [142.11.214.93] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.214.93/; sid:900606362; rev:1;) alert tcp $HOME_NET any -> [148.251.238.52] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.251.238.52/; sid:900606364; rev:1;) alert tcp $HOME_NET any -> [209.216.243.2] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.216.243.2/; sid:900606365; rev:1;) alert tcp $HOME_NET any -> [103.30.247.116] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.30.247.116/; sid:900606366; rev:1;) alert tcp $HOME_NET any -> [50.116.62.25] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.62.25/; sid:900606367; rev:1;) alert tcp $HOME_NET any -> [185.143.48.16] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.143.48.16/; sid:900606368; rev:1;) alert tcp $HOME_NET any -> [119.18.149.168] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.18.149.168/; sid:900606371; rev:1;) alert tcp $HOME_NET any -> [163.53.80.223] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.53.80.223/; sid:900606372; rev:1;) alert tcp $HOME_NET any -> [175.29.173.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.29.173.58/; sid:900606373; rev:1;) alert tcp $HOME_NET any -> [14.163.55.123] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.163.55.123/; sid:900606374; rev:1;) alert tcp $HOME_NET any -> [177.21.100.121] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.21.100.121/; sid:900606375; rev:1;) alert tcp $HOME_NET any -> [200.125.170.226] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.170.226/; sid:900606376; rev:1;) alert tcp $HOME_NET any -> [200.125.170.227] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.170.227/; sid:900606377; rev:1;) alert tcp $HOME_NET any -> [200.121.194.2] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.121.194.2/; sid:900606378; rev:1;) alert tcp $HOME_NET any -> [200.125.170.228] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.170.228/; sid:900606379; rev:1;) alert tcp $HOME_NET any -> [200.125.170.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.170.229/; sid:900606380; rev:1;) alert tcp $HOME_NET any -> [200.125.170.230] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.170.230/; sid:900606381; rev:1;) alert tcp $HOME_NET any -> [167.99.61.111] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.99.61.111/; sid:900606385; rev:1;) alert tcp $HOME_NET any -> [195.234.101.236] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.234.101.236/; sid:900606386; rev:1;) alert tcp $HOME_NET any -> [209.89.76.47] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.89.76.47/; sid:900606387; rev:1;) alert tcp $HOME_NET any -> [51.79.50.122] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.79.50.122/; sid:900606389; rev:1;) alert tcp $HOME_NET any -> [138.201.222.158] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.201.222.158/; sid:900606390; rev:1;) alert tcp $HOME_NET any -> [222.124.142.67] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.124.142.67/; sid:900606391; rev:1;) alert tcp $HOME_NET any -> [217.18.75.120] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.18.75.120/; sid:900606393; rev:1;) alert tcp $HOME_NET any -> [185.82.144.173] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.82.144.173/; sid:900606394; rev:1;) alert tcp $HOME_NET any -> [185.86.151.208] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.86.151.208/; sid:900606395; rev:1;) alert tcp $HOME_NET any -> [54.39.98.141] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.39.98.141/; sid:900606397; rev:1;) alert tcp $HOME_NET any -> [103.82.248.59] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.82.248.59/; sid:900606398; rev:1;) alert tcp $HOME_NET any -> [103.109.247.8] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.109.247.8/; sid:900606399; rev:1;) alert tcp $HOME_NET any -> [5.135.167.231] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.135.167.231/; sid:900606402; rev:1;) alert tcp $HOME_NET any -> [212.53.160.143] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.53.160.143/; sid:900606403; rev:1;) alert tcp $HOME_NET any -> [51.75.162.188] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.162.188/; sid:900606407; rev:1;) alert tcp $HOME_NET any -> [46.101.182.168] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.182.168/; sid:900606413; rev:1;) alert tcp $HOME_NET any -> [216.120.236.127] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.120.236.127/; sid:900606414; rev:1;) alert tcp $HOME_NET any -> [103.56.207.249] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.56.207.249/; sid:900606416; rev:1;) alert tcp $HOME_NET any -> [180.250.217.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.250.217.98/; sid:900606417; rev:1;) alert tcp $HOME_NET any -> [185.42.224.119] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.42.224.119/; sid:900606420; rev:1;) alert tcp $HOME_NET any -> [37.235.25.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.235.25.106/; sid:900606421; rev:1;) alert tcp $HOME_NET any -> [190.0.2.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.0.2.98/; sid:900606422; rev:1;) alert tcp $HOME_NET any -> [200.58.180.138] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.58.180.138/; sid:900606423; rev:1;) alert tcp $HOME_NET any -> [77.46.134.84] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.46.134.84/; sid:900606424; rev:1;) alert tcp $HOME_NET any -> [213.136.86.165] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.136.86.165/; sid:900606426; rev:1;) alert tcp $HOME_NET any -> [45.33.33.91] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.33.91/; sid:900606427; rev:1;) alert tcp $HOME_NET any -> [193.25.100.114] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.25.100.114/; sid:900606430; rev:1;) alert tcp $HOME_NET any -> [97.107.134.115] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.107.134.115/; sid:900606431; rev:1;) alert tcp $HOME_NET any -> [103.253.107.153] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.253.107.153/; sid:900606432; rev:1;) alert tcp $HOME_NET any -> [146.196.122.10] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.196.122.10/; sid:900606434; rev:1;) alert tcp $HOME_NET any -> [103.87.173.60] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.87.173.60/; sid:900606435; rev:1;) alert tcp $HOME_NET any -> [45.32.243.209] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.32.243.209/; sid:900606436; rev:1;) alert tcp $HOME_NET any -> [207.180.208.54] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.180.208.54/; sid:900606437; rev:1;) alert tcp $HOME_NET any -> [103.225.205.145] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.225.205.145/; sid:900606440; rev:1;) alert tcp $HOME_NET any -> [103.253.208.95] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.253.208.95/; sid:900606441; rev:1;) alert tcp $HOME_NET any -> [103.89.254.209] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.89.254.209/; sid:900606442; rev:1;) alert tcp $HOME_NET any -> [117.222.61.236] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.222.61.236/; sid:900606443; rev:1;) alert tcp $HOME_NET any -> [117.252.68.248] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.252.68.248/; sid:900606444; rev:1;) alert tcp $HOME_NET any -> [117.252.20.222] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.252.20.222/; sid:900606445; rev:1;) alert tcp $HOME_NET any -> [117.254.63.4] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.254.63.4/; sid:900606446; rev:1;) alert tcp $HOME_NET any -> [117.222.62.101] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.222.62.101/; sid:900606447; rev:1;) alert tcp $HOME_NET any -> [122.186.45.203] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.186.45.203/; sid:900606448; rev:1;) alert tcp $HOME_NET any -> [103.43.4.82] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.43.4.82/; sid:900606449; rev:1;) alert tcp $HOME_NET any -> [146.196.122.153] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.196.122.153/; sid:900606450; rev:1;) alert tcp $HOME_NET any -> [146.196.122.157] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.196.122.157/; sid:900606451; rev:1;) alert tcp $HOME_NET any -> [14.102.25.100] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.102.25.100/; sid:900606452; rev:1;) alert tcp $HOME_NET any -> [194.190.18.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.190.18.122/; sid:900606453; rev:1;) alert tcp $HOME_NET any -> [186.4.193.75] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.193.75/; sid:900606454; rev:1;) alert tcp $HOME_NET any -> [103.92.200.13] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.92.200.13/; sid:900606456; rev:1;) alert tcp $HOME_NET any -> [45.80.173.80] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.80.173.80/; sid:900606457; rev:1;) alert tcp $HOME_NET any -> [207.154.208.93] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.154.208.93/; sid:900606458; rev:1;) alert tcp $HOME_NET any -> [204.107.218.39] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.107.218.39/; sid:900606462; rev:1;) alert tcp $HOME_NET any -> [78.139.22.184] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.139.22.184/; sid:900606463; rev:1;) alert tcp $HOME_NET any -> [5.199.162.48] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.199.162.48/; sid:900606466; rev:1;) alert tcp $HOME_NET any -> [194.1.193.11] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.1.193.11/; sid:900606467; rev:1;) alert tcp $HOME_NET any -> [119.59.105.131] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.59.105.131/; sid:900606468; rev:1;) alert tcp $HOME_NET any -> [201.148.20.37] 5412 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.148.20.37/; sid:900606469; rev:1;) alert tcp $HOME_NET any -> [103.121.123.61] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.121.123.61/; sid:900606470; rev:1;) alert tcp $HOME_NET any -> [45.55.180.84] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.180.84/; sid:900606472; rev:1;) alert tcp $HOME_NET any -> [128.199.206.91] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.206.91/; sid:900606473; rev:1;) alert tcp $HOME_NET any -> [92.247.29.75] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.247.29.75/; sid:900606481; rev:1;) alert tcp $HOME_NET any -> [104.152.111.198] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.152.111.198/; sid:900606482; rev:1;) alert tcp $HOME_NET any -> [124.158.165.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.158.165.190/; sid:900606483; rev:1;) alert tcp $HOME_NET any -> [36.94.167.167] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.167.167/; sid:900606484; rev:1;) alert tcp $HOME_NET any -> [114.79.130.68] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.130.68/; sid:900606485; rev:1;) alert tcp $HOME_NET any -> [106.0.51.2] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.0.51.2/; sid:900606486; rev:1;) alert tcp $HOME_NET any -> [103.111.55.46] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.111.55.46/; sid:900606487; rev:1;) alert tcp $HOME_NET any -> [167.71.232.57] 9217 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.71.232.57/; sid:900606488; rev:1;) alert tcp $HOME_NET any -> [45.76.176.10] 5723 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.176.10/; sid:900606489; rev:1;) alert tcp $HOME_NET any -> [103.233.25.228] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.233.25.228/; sid:900606490; rev:1;) alert tcp $HOME_NET any -> [176.100.4.31] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.100.4.31/; sid:900606491; rev:1;) alert tcp $HOME_NET any -> [165.73.90.187] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.73.90.187/; sid:900606492; rev:1;) alert tcp $HOME_NET any -> [122.117.90.133] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.117.90.133/; sid:900606493; rev:1;) alert tcp $HOME_NET any -> [103.113.105.126] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.113.105.126/; sid:900606494; rev:1;) alert tcp $HOME_NET any -> [139.255.199.196] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.199.196/; sid:900606495; rev:1;) alert tcp $HOME_NET any -> [157.119.215.186] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.119.215.186/; sid:900606496; rev:1;) alert tcp $HOME_NET any -> [103.75.32.38] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.75.32.38/; sid:900606497; rev:1;) alert tcp $HOME_NET any -> [103.94.0.178] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.94.0.178/; sid:900606498; rev:1;) alert tcp $HOME_NET any -> [103.127.67.38] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.127.67.38/; sid:900606499; rev:1;) alert tcp $HOME_NET any -> [103.122.108.44] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.122.108.44/; sid:900606500; rev:1;) alert tcp $HOME_NET any -> [36.95.110.19] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.95.110.19/; sid:900606501; rev:1;) alert tcp $HOME_NET any -> [36.91.36.29] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.91.36.29/; sid:900606502; rev:1;) alert tcp $HOME_NET any -> [36.37.99.242] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.37.99.242/; sid:900606503; rev:1;) alert tcp $HOME_NET any -> [14.102.15.100] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.102.15.100/; sid:900606504; rev:1;) alert tcp $HOME_NET any -> [14.102.15.101] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.102.15.101/; sid:900606505; rev:1;) alert tcp $HOME_NET any -> [206.225.86.233] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.225.86.233/; sid:900606507; rev:1;) alert tcp $HOME_NET any -> [128.199.232.159] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.232.159/; sid:900606508; rev:1;) alert tcp $HOME_NET any -> [45.76.117.129] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.117.129/; sid:900606509; rev:1;) alert tcp $HOME_NET any -> [5.199.174.90] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.199.174.90/; sid:900606512; rev:1;) alert tcp $HOME_NET any -> [194.141.47.9] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.141.47.9/; sid:900606513; rev:1;) alert tcp $HOME_NET any -> [159.65.3.147] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.3.147/; sid:900606514; rev:1;) alert tcp $HOME_NET any -> [54.37.84.240] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.84.240/; sid:900606515; rev:1;) alert tcp $HOME_NET any -> [212.39.115.102] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.39.115.102/; sid:900606516; rev:1;) alert tcp $HOME_NET any -> [156.67.220.186] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.67.220.186/; sid:900606517; rev:1;) alert tcp $HOME_NET any -> [169.255.57.61] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.255.57.61/; sid:900606519; rev:1;) alert tcp $HOME_NET any -> [128.199.192.135] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.192.135/; sid:900606520; rev:1;) alert tcp $HOME_NET any -> [103.58.102.177] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.58.102.177/; sid:900606521; rev:1;) alert tcp $HOME_NET any -> [103.145.213.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.145.213.106/; sid:900606522; rev:1;) alert tcp $HOME_NET any -> [103.140.206.94] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.140.206.94/; sid:900606523; rev:1;) alert tcp $HOME_NET any -> [103.78.141.26] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.78.141.26/; sid:900606524; rev:1;) alert tcp $HOME_NET any -> [116.50.27.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.50.27.50/; sid:900606525; rev:1;) alert tcp $HOME_NET any -> [103.144.168.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.168.162/; sid:900606526; rev:1;) alert tcp $HOME_NET any -> [148.251.190.18] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.251.190.18/; sid:900606530; rev:1;) alert tcp $HOME_NET any -> [202.157.177.65] 5412 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.157.177.65/; sid:900606531; rev:1;) alert tcp $HOME_NET any -> [31.173.137.39] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.173.137.39/; sid:900606533; rev:1;) alert tcp $HOME_NET any -> [115.85.78.118] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.85.78.118/; sid:900606535; rev:1;) alert tcp $HOME_NET any -> [31.173.137.47] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.173.137.47/; sid:900606536; rev:1;) alert tcp $HOME_NET any -> [37.57.82.112] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.57.82.112/; sid:900606537; rev:1;) alert tcp $HOME_NET any -> [195.138.66.209] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.138.66.209/; sid:900606538; rev:1;) alert tcp $HOME_NET any -> [98.0.159.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.0.159.122/; sid:900606539; rev:1;) alert tcp $HOME_NET any -> [175.184.232.234] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.184.232.234/; sid:900606540; rev:1;) alert tcp $HOME_NET any -> [139.255.41.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.41.122/; sid:900606541; rev:1;) alert tcp $HOME_NET any -> [202.179.185.203] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.179.185.203/; sid:900606542; rev:1;) alert tcp $HOME_NET any -> [31.173.137.49] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.173.137.49/; sid:900606543; rev:1;) alert tcp $HOME_NET any -> [36.89.228.201] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.228.201/; sid:900606544; rev:1;) alert tcp $HOME_NET any -> [36.67.109.15] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.67.109.15/; sid:900606545; rev:1;) alert tcp $HOME_NET any -> [178.159.126.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.159.126.34/; sid:900606546; rev:1;) alert tcp $HOME_NET any -> [43.252.159.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.252.159.190/; sid:900606549; rev:1;) alert tcp $HOME_NET any -> [124.41.211.17] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.41.211.17/; sid:900606551; rev:1;) alert tcp $HOME_NET any -> [103.52.135.61] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.52.135.61/; sid:900606552; rev:1;) alert tcp $HOME_NET any -> [36.92.59.93] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.92.59.93/; sid:900606554; rev:1;) alert tcp $HOME_NET any -> [31.31.75.77] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.31.75.77/; sid:900606564; rev:1;) alert tcp $HOME_NET any -> [80.211.40.191] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.211.40.191/; sid:900606565; rev:1;) alert tcp $HOME_NET any -> [207.154.252.203] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.154.252.203/; sid:900606569; rev:1;) alert tcp $HOME_NET any -> [45.33.20.41] 9217 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.20.41/; sid:900606571; rev:1;) alert tcp $HOME_NET any -> [85.254.196.150] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.254.196.150/; sid:900606573; rev:1;) alert tcp $HOME_NET any -> [185.30.32.51] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.30.32.51/; sid:900606575; rev:1;) alert tcp $HOME_NET any -> [185.250.148.74] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.250.148.74/; sid:900606576; rev:1;) alert tcp $HOME_NET any -> [81.241.252.59] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.241.252.59/; sid:900606577; rev:1;) alert tcp $HOME_NET any -> [81.250.153.227] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.250.153.227/; sid:900606578; rev:1;) alert tcp $HOME_NET any -> [89.101.97.139] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.101.97.139/; sid:900606579; rev:1;) alert tcp $HOME_NET any -> [95.77.223.148] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.77.223.148/; sid:900606580; rev:1;) alert tcp $HOME_NET any -> [47.22.148.6] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.22.148.6/; sid:900606581; rev:1;) alert tcp $HOME_NET any -> [199.27.127.129] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.27.127.129/; sid:900606582; rev:1;) alert tcp $HOME_NET any -> [105.198.236.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.198.236.99/; sid:900606583; rev:1;) alert tcp $HOME_NET any -> [216.201.162.158] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.201.162.158/; sid:900606584; rev:1;) alert tcp $HOME_NET any -> [37.210.152.224] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.152.224/; sid:900606585; rev:1;) alert tcp $HOME_NET any -> [136.232.34.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.232.34.70/; sid:900606586; rev:1;) alert tcp $HOME_NET any -> [181.118.183.94] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.94/; sid:900606587; rev:1;) alert tcp $HOME_NET any -> [120.151.47.189] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.151.47.189/; sid:900606588; rev:1;) alert tcp $HOME_NET any -> [120.150.218.241] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.218.241/; sid:900606589; rev:1;) alert tcp $HOME_NET any -> [41.228.22.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.228.22.180/; sid:900606590; rev:1;) alert tcp $HOME_NET any -> [122.11.220.212] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.11.220.212/; sid:900606591; rev:1;) alert tcp $HOME_NET any -> [177.130.82.197] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.130.82.197/; sid:900606592; rev:1;) alert tcp $HOME_NET any -> [24.139.72.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.139.72.117/; sid:900606593; rev:1;) alert tcp $HOME_NET any -> [24.229.150.54] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.229.150.54/; sid:900606594; rev:1;) alert tcp $HOME_NET any -> [186.18.205.199] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.18.205.199/; sid:900606595; rev:1;) alert tcp $HOME_NET any -> [73.151.236.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.151.236.31/; sid:900606596; rev:1;) alert tcp $HOME_NET any -> [68.204.7.158] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.204.7.158/; sid:900606597; rev:1;) alert tcp $HOME_NET any -> [75.188.35.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.188.35.168/; sid:900606598; rev:1;) alert tcp $HOME_NET any -> [72.252.201.69] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.201.69/; sid:900606599; rev:1;) alert tcp $HOME_NET any -> [173.21.10.71] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.21.10.71/; sid:900606600; rev:1;) alert tcp $HOME_NET any -> [24.55.112.61] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.55.112.61/; sid:900606601; rev:1;) alert tcp $HOME_NET any -> [71.80.168.245] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.80.168.245/; sid:900606602; rev:1;) alert tcp $HOME_NET any -> [45.46.53.140] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.46.53.140/; sid:900606603; rev:1;) alert tcp $HOME_NET any -> [217.17.56.163] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.17.56.163/; sid:900606604; rev:1;) alert tcp $HOME_NET any -> [41.251.41.14] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.251.41.14/; sid:900606605; rev:1;) alert tcp $HOME_NET any -> [93.8.66.216] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.8.66.216/; sid:900606606; rev:1;) alert tcp $HOME_NET any -> [217.17.56.163] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.17.56.163/; sid:900606607; rev:1;) alert tcp $HOME_NET any -> [217.17.56.163] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.17.56.163/; sid:900606608; rev:1;) alert tcp $HOME_NET any -> [217.17.56.163] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.17.56.163/; sid:900606609; rev:1;) alert tcp $HOME_NET any -> [190.198.206.189] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.198.206.189/; sid:900606610; rev:1;) alert tcp $HOME_NET any -> [47.40.196.233] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.40.196.233/; sid:900606612; rev:1;) alert tcp $HOME_NET any -> [71.74.12.34] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.74.12.34/; sid:900606613; rev:1;) alert tcp $HOME_NET any -> [207.38.84.195] 8333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.38.84.195/; sid:900606615; rev:1;) alert tcp $HOME_NET any -> [186.250.48.123] 7880 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.250.48.123/; sid:900606616; rev:1;) alert tcp $HOME_NET any -> [76.25.142.196] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.25.142.196/; sid:900606617; rev:1;) alert tcp $HOME_NET any -> [67.165.206.193] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.165.206.193/; sid:900606618; rev:1;) alert tcp $HOME_NET any -> [124.123.42.115] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.123.42.115/; sid:900606621; rev:1;) alert tcp $HOME_NET any -> [103.148.120.144] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.148.120.144/; sid:900606622; rev:1;) alert tcp $HOME_NET any -> [173.25.166.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.25.166.81/; sid:900606623; rev:1;) alert tcp $HOME_NET any -> [189.210.115.207] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.210.115.207/; sid:900606624; rev:1;) alert tcp $HOME_NET any -> [109.12.111.14] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.12.111.14/; sid:900606625; rev:1;) alert tcp $HOME_NET any -> [68.186.192.69] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.186.192.69/; sid:900606626; rev:1;) alert tcp $HOME_NET any -> [144.139.47.206] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.139.47.206/; sid:900606627; rev:1;) alert tcp $HOME_NET any -> [50.29.166.232] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.29.166.232/; sid:900606629; rev:1;) alert tcp $HOME_NET any -> [75.89.195.186] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.89.195.186/; sid:900606630; rev:1;) alert tcp $HOME_NET any -> [159.2.51.200] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.2.51.200/; sid:900606631; rev:1;) alert tcp $HOME_NET any -> [174.54.58.170] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.54.58.170/; sid:900606632; rev:1;) alert tcp $HOME_NET any -> [94.200.181.154] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.200.181.154/; sid:900606633; rev:1;) alert tcp $HOME_NET any -> [73.130.180.25] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.130.180.25/; sid:900606634; rev:1;) alert tcp $HOME_NET any -> [73.52.50.32] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.52.50.32/; sid:900606635; rev:1;) alert tcp $HOME_NET any -> [174.59.35.191] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.59.35.191/; sid:900606636; rev:1;) alert tcp $HOME_NET any -> [73.230.205.91] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.230.205.91/; sid:900606637; rev:1;) alert tcp $HOME_NET any -> [174.54.193.186] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.54.193.186/; sid:900606638; rev:1;) alert tcp $HOME_NET any -> [24.152.219.253] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.152.219.253/; sid:900606639; rev:1;) alert tcp $HOME_NET any -> [86.8.177.143] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.8.177.143/; sid:900606640; rev:1;) alert tcp $HOME_NET any -> [103.157.122.198] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.157.122.198/; sid:900606641; rev:1;) alert tcp $HOME_NET any -> [78.191.44.76] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.44.76/; sid:900606642; rev:1;) alert tcp $HOME_NET any -> [73.25.124.140] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.25.124.140/; sid:900606644; rev:1;) alert tcp $HOME_NET any -> [75.66.88.33] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.66.88.33/; sid:900606645; rev:1;) alert tcp $HOME_NET any -> [73.77.87.137] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.77.87.137/; sid:900606646; rev:1;) alert tcp $HOME_NET any -> [81.214.126.173] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.214.126.173/; sid:900606647; rev:1;) alert tcp $HOME_NET any -> [75.75.179.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.75.179.226/; sid:900606648; rev:1;) alert tcp $HOME_NET any -> [167.248.100.227] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.248.100.227/; sid:900606649; rev:1;) alert tcp $HOME_NET any -> [167.248.111.245] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.248.111.245/; sid:900606650; rev:1;) alert tcp $HOME_NET any -> [96.57.188.174] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.57.188.174/; sid:900606651; rev:1;) alert tcp $HOME_NET any -> [40.131.140.155] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.131.140.155/; sid:900606652; rev:1;) alert tcp $HOME_NET any -> [96.46.103.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.46.103.226/; sid:900606653; rev:1;) alert tcp $HOME_NET any -> [208.89.170.179] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.89.170.179/; sid:900606654; rev:1;) alert tcp $HOME_NET any -> [206.47.134.234] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.47.134.234/; sid:900606655; rev:1;) alert tcp $HOME_NET any -> [187.116.124.82] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.116.124.82/; sid:900606656; rev:1;) alert tcp $HOME_NET any -> [76.84.230.103] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.84.230.103/; sid:900606657; rev:1;) alert tcp $HOME_NET any -> [201.93.111.2] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.93.111.2/; sid:900606658; rev:1;) alert tcp $HOME_NET any -> [75.163.81.130] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.163.81.130/; sid:900606659; rev:1;) alert tcp $HOME_NET any -> [69.30.186.190] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.30.186.190/; sid:900606660; rev:1;) alert tcp $HOME_NET any -> [98.22.92.139] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.22.92.139/; sid:900606661; rev:1;) alert tcp $HOME_NET any -> [97.98.130.50] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.98.130.50/; sid:900606662; rev:1;) alert tcp $HOME_NET any -> [167.248.81.60] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.248.81.60/; sid:900606663; rev:1;) alert tcp $HOME_NET any -> [69.30.190.105] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.30.190.105/; sid:900606664; rev:1;) alert tcp $HOME_NET any -> [78.191.36.142] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.36.142/; sid:900606665; rev:1;) alert tcp $HOME_NET any -> [185.157.82.209] 8333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.157.82.209/; sid:900606666; rev:1;) alert tcp $HOME_NET any -> [5.39.99.208] 5412 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.39.99.208/; sid:900606667; rev:1;) alert tcp $HOME_NET any -> [207.148.81.119] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.148.81.119/; sid:900606668; rev:1;) alert tcp $HOME_NET any -> [167.248.99.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.248.99.149/; sid:900606670; rev:1;) alert tcp $HOME_NET any -> [167.248.23.224] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.248.23.224/; sid:900606671; rev:1;) alert tcp $HOME_NET any -> [167.248.117.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.248.117.81/; sid:900606672; rev:1;) alert tcp $HOME_NET any -> [70.37.217.196] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.37.217.196/; sid:900606673; rev:1;) alert tcp $HOME_NET any -> [103.142.10.177] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.142.10.177/; sid:900606674; rev:1;) alert tcp $HOME_NET any -> [2.99.100.134] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.99.100.134/; sid:900606675; rev:1;) alert tcp $HOME_NET any -> [24.119.214.7] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.119.214.7/; sid:900606676; rev:1;) alert tcp $HOME_NET any -> [74.72.237.54] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.72.237.54/; sid:900606678; rev:1;) alert tcp $HOME_NET any -> [177.94.21.110] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.94.21.110/; sid:900606679; rev:1;) alert tcp $HOME_NET any -> [115.96.53.68] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.96.53.68/; sid:900606680; rev:1;) alert tcp $HOME_NET any -> [76.84.225.21] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.84.225.21/; sid:900606681; rev:1;) alert tcp $HOME_NET any -> [103.75.32.173] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.75.32.173/; sid:900606682; rev:1;) alert tcp $HOME_NET any -> [202.9.121.143] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.9.121.143/; sid:900606683; rev:1;) alert tcp $HOME_NET any -> [103.146.232.154] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.146.232.154/; sid:900606684; rev:1;) alert tcp $HOME_NET any -> [103.47.170.131] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.47.170.131/; sid:900606685; rev:1;) alert tcp $HOME_NET any -> [117.222.61.115] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.222.61.115/; sid:900606686; rev:1;) alert tcp $HOME_NET any -> [117.222.57.92] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.222.57.92/; sid:900606687; rev:1;) alert tcp $HOME_NET any -> [103.47.170.130] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.47.170.130/; sid:900606688; rev:1;) alert tcp $HOME_NET any -> [36.95.23.89] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.95.23.89/; sid:900606689; rev:1;) alert tcp $HOME_NET any -> [116.206.153.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.206.153.212/; sid:900606690; rev:1;) alert tcp $HOME_NET any -> [118.91.190.42] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.91.190.42/; sid:900606691; rev:1;) alert tcp $HOME_NET any -> [136.228.128.21] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.228.128.21/; sid:900606692; rev:1;) alert tcp $HOME_NET any -> [36.91.186.235] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.91.186.235/; sid:900606693; rev:1;) alert tcp $HOME_NET any -> [181.4.53.6] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.4.53.6/; sid:900606694; rev:1;) alert tcp $HOME_NET any -> [209.50.20.255] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.50.20.255/; sid:900606699; rev:1;) alert tcp $HOME_NET any -> [202.134.178.157] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.134.178.157/; sid:900606700; rev:1;) alert tcp $HOME_NET any -> [69.80.113.148] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.80.113.148/; sid:900606701; rev:1;) alert tcp $HOME_NET any -> [89.137.52.44] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.137.52.44/; sid:900606702; rev:1;) alert tcp $HOME_NET any -> [185.168.130.138] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.168.130.138/; sid:900606703; rev:1;) alert tcp $HOME_NET any -> [79.172.255.198] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.172.255.198/; sid:900606704; rev:1;) alert tcp $HOME_NET any -> [173.25.162.221] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.25.162.221/; sid:900606706; rev:1;) alert tcp $HOME_NET any -> [167.248.126.223] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.248.126.223/; sid:900606707; rev:1;) alert tcp $HOME_NET any -> [78.191.58.219] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.58.219/; sid:900606708; rev:1;) alert tcp $HOME_NET any -> [188.55.235.110] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.55.235.110/; sid:900606709; rev:1;) alert tcp $HOME_NET any -> [66.103.170.104] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.103.170.104/; sid:900606711; rev:1;) alert tcp $HOME_NET any -> [195.154.108.109] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.154.108.109/; sid:900606712; rev:1;) alert tcp $HOME_NET any -> [77.57.204.78] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.57.204.78/; sid:900606713; rev:1;) alert tcp $HOME_NET any -> [51.178.61.60] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.178.61.60/; sid:900606714; rev:1;) alert tcp $HOME_NET any -> [116.203.55.59] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.203.55.59/; sid:900606715; rev:1;) alert tcp $HOME_NET any -> [213.190.4.223] 9217 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.190.4.223/; sid:900606716; rev:1;) alert tcp $HOME_NET any -> [27.223.92.142] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.223.92.142/; sid:900606717; rev:1;) alert tcp $HOME_NET any -> [2.222.167.138] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.222.167.138/; sid:900606718; rev:1;) alert tcp $HOME_NET any -> [80.6.192.58] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.6.192.58/; sid:900606720; rev:1;) alert tcp $HOME_NET any -> [188.50.169.158] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.50.169.158/; sid:900606721; rev:1;) alert tcp $HOME_NET any -> [209.142.97.161] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.142.97.161/; sid:900606722; rev:1;) alert tcp $HOME_NET any -> [200.232.214.222] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.232.214.222/; sid:900606723; rev:1;) alert tcp $HOME_NET any -> [186.32.163.199] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.32.163.199/; sid:900606724; rev:1;) alert tcp $HOME_NET any -> [72.173.78.211] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.173.78.211/; sid:900606725; rev:1;) alert tcp $HOME_NET any -> [98.157.235.126] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.157.235.126/; sid:900606726; rev:1;) alert tcp $HOME_NET any -> [24.171.50.5] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.171.50.5/; sid:900606727; rev:1;) alert tcp $HOME_NET any -> [66.177.215.152] 50010 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.177.215.152/; sid:900606728; rev:1;) alert tcp $HOME_NET any -> [177.170.201.134] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.170.201.134/; sid:900606729; rev:1;) alert tcp $HOME_NET any -> [66.177.215.152] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.177.215.152/; sid:900606730; rev:1;) alert tcp $HOME_NET any -> [73.140.38.124] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.140.38.124/; sid:900606731; rev:1;) alert tcp $HOME_NET any -> [110.174.64.179] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.174.64.179/; sid:900606732; rev:1;) alert tcp $HOME_NET any -> [38.10.197.234] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.10.197.234/; sid:900606733; rev:1;) alert tcp $HOME_NET any -> [220.255.25.28] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.255.25.28/; sid:900606734; rev:1;) alert tcp $HOME_NET any -> [41.86.42.158] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.86.42.158/; sid:900606735; rev:1;) alert tcp $HOME_NET any -> [93.48.58.123] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.48.58.123/; sid:900606736; rev:1;) alert tcp $HOME_NET any -> [41.86.42.158] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.86.42.158/; sid:900606737; rev:1;) alert tcp $HOME_NET any -> [63.143.92.99] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.143.92.99/; sid:900606738; rev:1;) alert tcp $HOME_NET any -> [73.77.87.137] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.77.87.137/; sid:900606739; rev:1;) alert tcp $HOME_NET any -> [187.250.159.104] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.250.159.104/; sid:900606740; rev:1;) alert tcp $HOME_NET any -> [187.172.240.28] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.172.240.28/; sid:900606741; rev:1;) alert tcp $HOME_NET any -> [188.50.26.190] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.50.26.190/; sid:900606742; rev:1;) alert tcp $HOME_NET any -> [85.109.229.54] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.109.229.54/; sid:900606744; rev:1;) alert tcp $HOME_NET any -> [203.213.107.174] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.213.107.174/; sid:900606747; rev:1;) alert tcp $HOME_NET any -> [37.117.191.19] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.117.191.19/; sid:900606749; rev:1;) alert tcp $HOME_NET any -> [72.52.96.202] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.52.96.202/; sid:900606751; rev:1;) alert tcp $HOME_NET any -> [139.162.232.153] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.232.153/; sid:900606753; rev:1;) alert tcp $HOME_NET any -> [5.83.45.48] 5412 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.83.45.48/; sid:900606754; rev:1;) alert tcp $HOME_NET any -> [209.239.112.82] 8333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.239.112.82/; sid:900606755; rev:1;) alert tcp $HOME_NET any -> [146.66.238.74] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.66.238.74/; sid:900606759; rev:1;) alert tcp $HOME_NET any -> [77.31.162.93] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.31.162.93/; sid:900606760; rev:1;) alert tcp $HOME_NET any -> [67.230.44.194] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.230.44.194/; sid:900606761; rev:1;) alert tcp $HOME_NET any -> [39.49.64.244] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.64.244/; sid:900606762; rev:1;) alert tcp $HOME_NET any -> [209.236.35.178] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.236.35.178/; sid:900606763; rev:1;) alert tcp $HOME_NET any -> [75.131.217.182] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.131.217.182/; sid:900606764; rev:1;) alert tcp $HOME_NET any -> [72.252.201.69] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.201.69/; sid:900606765; rev:1;) alert tcp $HOME_NET any -> [78.105.213.151] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.105.213.151/; sid:900606766; rev:1;) alert tcp $HOME_NET any -> [173.22.178.66] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.22.178.66/; sid:900606767; rev:1;) alert tcp $HOME_NET any -> [68.117.229.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.117.229.117/; sid:900606768; rev:1;) alert tcp $HOME_NET any -> [201.68.60.118] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.68.60.118/; sid:900606769; rev:1;) alert tcp $HOME_NET any -> [51.83.3.52] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.3.52/; sid:900606770; rev:1;) alert tcp $HOME_NET any -> [69.64.50.41] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.64.50.41/; sid:900606771; rev:1;) alert tcp $HOME_NET any -> [189.252.166.130] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.166.130/; sid:900606772; rev:1;) alert tcp $HOME_NET any -> [208.78.220.143] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.78.220.143/; sid:900606773; rev:1;) alert tcp $HOME_NET any -> [78.179.137.102] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.179.137.102/; sid:900606774; rev:1;) alert tcp $HOME_NET any -> [24.231.209.2] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.231.209.2/; sid:900606775; rev:1;) alert tcp $HOME_NET any -> [65.100.174.110] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.100.174.110/; sid:900606776; rev:1;) alert tcp $HOME_NET any -> [65.100.174.110] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.100.174.110/; sid:900606777; rev:1;) alert tcp $HOME_NET any -> [65.100.174.110] 8443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.100.174.110/; sid:900606778; rev:1;) alert tcp $HOME_NET any -> [98.203.26.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.203.26.168/; sid:900606779; rev:1;) alert tcp $HOME_NET any -> [189.146.41.71] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.41.71/; sid:900606780; rev:1;) alert tcp $HOME_NET any -> [189.147.159.42] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.147.159.42/; sid:900606781; rev:1;) alert tcp $HOME_NET any -> [189.135.16.92] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.135.16.92/; sid:900606782; rev:1;) alert tcp $HOME_NET any -> [50.194.160.233] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.194.160.233/; sid:900606783; rev:1;) alert tcp $HOME_NET any -> [178.62.205.130] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.62.205.130/; sid:900606784; rev:1;) alert tcp $HOME_NET any -> [45.90.108.123] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.90.108.123/; sid:900606785; rev:1;) alert tcp $HOME_NET any -> [198.199.98.78] 9217 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.98.78/; sid:900606786; rev:1;) alert tcp $HOME_NET any -> [96.37.113.36] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.37.113.36/; sid:900606787; rev:1;) alert tcp $HOME_NET any -> [103.82.211.39] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.82.211.39/; sid:900606788; rev:1;) alert tcp $HOME_NET any -> [136.232.254.46] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.232.254.46/; sid:900606789; rev:1;) alert tcp $HOME_NET any -> [115.96.62.113] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.96.62.113/; sid:900606790; rev:1;) alert tcp $HOME_NET any -> [91.178.126.51] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.178.126.51/; sid:900606791; rev:1;) alert tcp $HOME_NET any -> [122.60.71.201] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.60.71.201/; sid:900606792; rev:1;) alert tcp $HOME_NET any -> [50.194.160.233] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.194.160.233/; sid:900606793; rev:1;) alert tcp $HOME_NET any -> [50.194.160.233] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.194.160.233/; sid:900606794; rev:1;) alert tcp $HOME_NET any -> [187.156.169.68] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.156.169.68/; sid:900606795; rev:1;) alert tcp $HOME_NET any -> [103.82.211.39] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.82.211.39/; sid:900606796; rev:1;) alert tcp $HOME_NET any -> [197.89.144.200] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.144.200/; sid:900606797; rev:1;) alert tcp $HOME_NET any -> [196.207.140.40] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.207.140.40/; sid:900606798; rev:1;) alert tcp $HOME_NET any -> [188.55.249.239] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.55.249.239/; sid:900606799; rev:1;) alert tcp $HOME_NET any -> [213.60.210.85] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.60.210.85/; sid:900606800; rev:1;) alert tcp $HOME_NET any -> [189.152.1.4] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.152.1.4/; sid:900606801; rev:1;) alert tcp $HOME_NET any -> [174.76.17.43] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.76.17.43/; sid:900606802; rev:1;) alert tcp $HOME_NET any -> [176.45.11.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.45.11.226/; sid:900606803; rev:1;) alert tcp $HOME_NET any -> [65.100.174.110] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.100.174.110/; sid:900606804; rev:1;) alert tcp $HOME_NET any -> [65.100.174.110] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.100.174.110/; sid:900606805; rev:1;) alert tcp $HOME_NET any -> [187.75.66.160] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.75.66.160/; sid:900606806; rev:1;) alert tcp $HOME_NET any -> [178.33.123.234] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.33.123.234/; sid:900606808; rev:1;) alert tcp $HOME_NET any -> [136.143.11.232] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.143.11.232/; sid:900606809; rev:1;) alert tcp $HOME_NET any -> [195.210.28.115] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.210.28.115/; sid:900606810; rev:1;) alert tcp $HOME_NET any -> [211.172.241.52] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.172.241.52/; sid:900606811; rev:1;) alert tcp $HOME_NET any -> [103.82.211.39] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.82.211.39/; sid:900606812; rev:1;) alert tcp $HOME_NET any -> [182.176.180.73] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.176.180.73/; sid:900606813; rev:1;) alert tcp $HOME_NET any -> [81.213.59.22] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.213.59.22/; sid:900606816; rev:1;) alert tcp $HOME_NET any -> [86.220.112.26] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.220.112.26/; sid:900606817; rev:1;) alert tcp $HOME_NET any -> [49.206.29.127] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.206.29.127/; sid:900606818; rev:1;) alert tcp $HOME_NET any -> [176.45.53.222] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.45.53.222/; sid:900606819; rev:1;) alert tcp $HOME_NET any -> [105.198.236.99] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.198.236.99/; sid:900606820; rev:1;) alert tcp $HOME_NET any -> [115.96.64.9] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.96.64.9/; sid:900606821; rev:1;) alert tcp $HOME_NET any -> [103.143.8.71] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.143.8.71/; sid:900606822; rev:1;) alert tcp $HOME_NET any -> [78.191.38.33] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.38.33/; sid:900606823; rev:1;) alert tcp $HOME_NET any -> [39.49.122.240] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.122.240/; sid:900606824; rev:1;) alert tcp $HOME_NET any -> [37.210.155.239] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.155.239/; sid:900606825; rev:1;) alert tcp $HOME_NET any -> [187.149.227.40] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.149.227.40/; sid:900606826; rev:1;) alert tcp $HOME_NET any -> [201.172.31.95] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.172.31.95/; sid:900606827; rev:1;) alert tcp $HOME_NET any -> [38.70.253.226] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.70.253.226/; sid:900606828; rev:1;) alert tcp $HOME_NET any -> [24.231.209.2] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.231.209.2/; sid:900606829; rev:1;) alert tcp $HOME_NET any -> [195.154.146.84] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.154.146.84/; sid:900606830; rev:1;) alert tcp $HOME_NET any -> [157.245.222.44] 5723 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.245.222.44/; sid:900606831; rev:1;) alert tcp $HOME_NET any -> [45.56.121.87] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.56.121.87/; sid:900606832; rev:1;) alert tcp $HOME_NET any -> [24.231.209.2] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.231.209.2/; sid:900606833; rev:1;) alert tcp $HOME_NET any -> [86.152.43.219] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.152.43.219/; sid:900606834; rev:1;) alert tcp $HOME_NET any -> [197.89.144.102] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.144.102/; sid:900606835; rev:1;) alert tcp $HOME_NET any -> [100.1.119.41] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.1.119.41/; sid:900606838; rev:1;) alert tcp $HOME_NET any -> [201.137.10.225] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.10.225/; sid:900606839; rev:1;) alert tcp $HOME_NET any -> [108.4.67.252] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.4.67.252/; sid:900606841; rev:1;) alert tcp $HOME_NET any -> [123.252.190.14] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.252.190.14/; sid:900606843; rev:1;) alert tcp $HOME_NET any -> [37.208.181.198] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.208.181.198/; sid:900606844; rev:1;) alert tcp $HOME_NET any -> [129.208.147.188] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.147.188/; sid:900606845; rev:1;) alert tcp $HOME_NET any -> [96.246.158.154] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.246.158.154/; sid:900606846; rev:1;) alert tcp $HOME_NET any -> [41.235.69.115] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.235.69.115/; sid:900606847; rev:1;) alert tcp $HOME_NET any -> [78.191.24.189] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.24.189/; sid:900606848; rev:1;) alert tcp $HOME_NET any -> [103.150.40.76] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.150.40.76/; sid:900606849; rev:1;) alert tcp $HOME_NET any -> [46.101.142.214] 6891 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.142.214/; sid:900606850; rev:1;) alert tcp $HOME_NET any -> [207.180.220.242] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.180.220.242/; sid:900606851; rev:1;) alert tcp $HOME_NET any -> [155.138.203.91] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/155.138.203.91/; sid:900606852; rev:1;) alert tcp $HOME_NET any -> [62.210.116.97] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.210.116.97/; sid:900606854; rev:1;) alert tcp $HOME_NET any -> [37.208.181.198] 61200 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.208.181.198/; sid:900606855; rev:1;) alert tcp $HOME_NET any -> [187.156.134.254] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.156.134.254/; sid:900606858; rev:1;) alert tcp $HOME_NET any -> [209.210.95.228] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.210.95.228/; sid:900606859; rev:1;) alert tcp $HOME_NET any -> [212.237.17.99] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.237.17.99/; sid:900606860; rev:1;) alert tcp $HOME_NET any -> [176.28.17.160] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.28.17.160/; sid:900606861; rev:1;) alert tcp $HOME_NET any -> [51.254.140.238] 8333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.140.238/; sid:900606862; rev:1;) alert tcp $HOME_NET any -> [207.246.112.221] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.246.112.221/; sid:900606865; rev:1;) alert tcp $HOME_NET any -> [188.50.34.167] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.50.34.167/; sid:900606866; rev:1;) alert tcp $HOME_NET any -> [45.9.20.200] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.9.20.200/; sid:900606867; rev:1;) alert tcp $HOME_NET any -> [73.25.109.183] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.25.109.183/; sid:900606868; rev:1;) alert tcp $HOME_NET any -> [207.246.112.221] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.246.112.221/; sid:900606869; rev:1;) alert tcp $HOME_NET any -> [187.250.109.250] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.250.109.250/; sid:900606870; rev:1;) alert tcp $HOME_NET any -> [87.242.20.233] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.242.20.233/; sid:900606871; rev:1;) alert tcp $HOME_NET any -> [115.99.227.13] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.99.227.13/; sid:900606872; rev:1;) alert tcp $HOME_NET any -> [27.5.5.31] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.5.5.31/; sid:900606873; rev:1;) alert tcp $HOME_NET any -> [88.226.225.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.226.225.168/; sid:900606874; rev:1;) alert tcp $HOME_NET any -> [149.28.99.97] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.99.97/; sid:900606875; rev:1;) alert tcp $HOME_NET any -> [96.21.251.127] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.21.251.127/; sid:900606878; rev:1;) alert tcp $HOME_NET any -> [86.120.85.209] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.120.85.209/; sid:900606879; rev:1;) alert tcp $HOME_NET any -> [85.219.187.72] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.219.187.72/; sid:900606882; rev:1;) alert tcp $HOME_NET any -> [86.98.1.197] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.1.197/; sid:900606883; rev:1;) alert tcp $HOME_NET any -> [189.252.140.141] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.140.141/; sid:900606884; rev:1;) alert tcp $HOME_NET any -> [197.89.144.19] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.144.19/; sid:900606885; rev:1;) alert tcp $HOME_NET any -> [143.92.137.106] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.92.137.106/; sid:900606886; rev:1;) alert tcp $HOME_NET any -> [39.49.45.250] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.45.250/; sid:900606887; rev:1;) alert tcp $HOME_NET any -> [37.208.162.27] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.208.162.27/; sid:900606888; rev:1;) alert tcp $HOME_NET any -> [86.97.8.178] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.8.178/; sid:900606889; rev:1;) alert tcp $HOME_NET any -> [94.60.254.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.60.254.81/; sid:900606890; rev:1;) alert tcp $HOME_NET any -> [77.255.12.88] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.255.12.88/; sid:900606891; rev:1;) alert tcp $HOME_NET any -> [92.59.35.196] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.59.35.196/; sid:900606892; rev:1;) alert tcp $HOME_NET any -> [87.99.107.124] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.99.107.124/; sid:900606893; rev:1;) alert tcp $HOME_NET any -> [5.224.28.151] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.224.28.151/; sid:900606894; rev:1;) alert tcp $HOME_NET any -> [85.226.176.123] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.226.176.123/; sid:900606895; rev:1;) alert tcp $HOME_NET any -> [189.223.33.109] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.223.33.109/; sid:900606896; rev:1;) alert tcp $HOME_NET any -> [85.54.179.210] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.54.179.210/; sid:900606897; rev:1;) alert tcp $HOME_NET any -> [95.248.201.245] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.248.201.245/; sid:900606899; rev:1;) alert tcp $HOME_NET any -> [79.160.207.214] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.160.207.214/; sid:900606900; rev:1;) alert tcp $HOME_NET any -> [185.122.58.89] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.122.58.89/; sid:900606901; rev:1;) alert tcp $HOME_NET any -> [136.144.131.189] 808 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.144.131.189/; sid:900606902; rev:1;) alert tcp $HOME_NET any -> [103.116.178.85] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.116.178.85/; sid:900606903; rev:1;) alert tcp $HOME_NET any -> [87.109.246.232] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.109.246.232/; sid:900606904; rev:1;) alert tcp $HOME_NET any -> [109.228.255.59] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.228.255.59/; sid:900606905; rev:1;) alert tcp $HOME_NET any -> [70.93.80.154] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.93.80.154/; sid:900606906; rev:1;) alert tcp $HOME_NET any -> [93.48.80.198] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.48.80.198/; sid:900606907; rev:1;) alert tcp $HOME_NET any -> [111.250.36.194] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.250.36.194/; sid:900606908; rev:1;) alert tcp $HOME_NET any -> [41.235.58.200] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.235.58.200/; sid:900606909; rev:1;) alert tcp $HOME_NET any -> [117.248.109.38] 21 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.248.109.38/; sid:900606910; rev:1;) alert tcp $HOME_NET any -> [75.169.58.229] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.169.58.229/; sid:900606911; rev:1;) alert tcp $HOME_NET any -> [47.72.219.120] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.72.219.120/; sid:900606912; rev:1;) alert tcp $HOME_NET any -> [38.10.199.26] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.10.199.26/; sid:900606913; rev:1;) alert tcp $HOME_NET any -> [188.26.158.80] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.26.158.80/; sid:900606915; rev:1;) alert tcp $HOME_NET any -> [185.56.219.47] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.56.219.47/; sid:900606916; rev:1;) alert tcp $HOME_NET any -> [192.46.210.220] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.46.210.220/; sid:900606917; rev:1;) alert tcp $HOME_NET any -> [143.244.140.214] 808 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.244.140.214/; sid:900606918; rev:1;) alert tcp $HOME_NET any -> [45.77.0.96] 6891 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.77.0.96/; sid:900606919; rev:1;) alert tcp $HOME_NET any -> [54.37.202.209] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.202.209/; sid:900606920; rev:1;) alert tcp $HOME_NET any -> [149.202.179.100] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.202.179.100/; sid:900606921; rev:1;) alert tcp $HOME_NET any -> [81.0.236.89] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.0.236.89/; sid:900606922; rev:1;) alert tcp $HOME_NET any -> [94.23.24.82] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.24.82/; sid:900606923; rev:1;) alert tcp $HOME_NET any -> [185.53.147.51] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.53.147.51/; sid:900606924; rev:1;) alert tcp $HOME_NET any -> [77.79.56.210] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.79.56.210/; sid:900606926; rev:1;) alert tcp $HOME_NET any -> [109.133.93.127] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.133.93.127/; sid:900606927; rev:1;) alert tcp $HOME_NET any -> [50.194.160.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.194.160.233/; sid:900606928; rev:1;) alert tcp $HOME_NET any -> [103.116.178.85] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.116.178.85/; sid:900606929; rev:1;) alert tcp $HOME_NET any -> [94.110.12.148] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.110.12.148/; sid:900606930; rev:1;) alert tcp $HOME_NET any -> [89.107.190.111] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.107.190.111/; sid:900606932; rev:1;) alert tcp $HOME_NET any -> [91.121.134.180] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.121.134.180/; sid:900606933; rev:1;) alert tcp $HOME_NET any -> [194.36.28.190] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.28.190/; sid:900606934; rev:1;) alert tcp $HOME_NET any -> [41.235.72.90] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.235.72.90/; sid:900606935; rev:1;) alert tcp $HOME_NET any -> [188.55.243.60] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.55.243.60/; sid:900606936; rev:1;) alert tcp $HOME_NET any -> [45.9.20.200] 2211 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.9.20.200/; sid:900606937; rev:1;) alert tcp $HOME_NET any -> [216.238.71.31] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.238.71.31/; sid:900606938; rev:1;) alert tcp $HOME_NET any -> [216.238.71.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.238.71.31/; sid:900606939; rev:1;) alert tcp $HOME_NET any -> [72.252.201.69] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.201.69/; sid:900606940; rev:1;) alert tcp $HOME_NET any -> [216.238.72.121] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.238.72.121/; sid:900606941; rev:1;) alert tcp $HOME_NET any -> [216.238.72.121] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.238.72.121/; sid:900606942; rev:1;) alert tcp $HOME_NET any -> [111.250.42.217] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.250.42.217/; sid:900606943; rev:1;) alert tcp $HOME_NET any -> [187.121.124.134] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.121.124.134/; sid:900606944; rev:1;) alert tcp $HOME_NET any -> [71.13.93.154] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.13.93.154/; sid:900606945; rev:1;) alert tcp $HOME_NET any -> [181.99.138.132] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.99.138.132/; sid:900606946; rev:1;) alert tcp $HOME_NET any -> [86.97.8.204] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.8.204/; sid:900606947; rev:1;) alert tcp $HOME_NET any -> [37.187.114.15] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.114.15/; sid:900606950; rev:1;) alert tcp $HOME_NET any -> [46.101.98.60] 808 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.98.60/; sid:900606951; rev:1;) alert tcp $HOME_NET any -> [104.248.155.133] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.248.155.133/; sid:900606952; rev:1;) alert tcp $HOME_NET any -> [93.147.212.206] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.147.212.206/; sid:900606953; rev:1;) alert tcp $HOME_NET any -> [103.74.143.53] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.74.143.53/; sid:900606954; rev:1;) alert tcp $HOME_NET any -> [207.180.235.71] 6891 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.180.235.71/; sid:900606956; rev:1;) alert tcp $HOME_NET any -> [104.130.140.69] 8333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.130.140.69/; sid:900606957; rev:1;) alert tcp $HOME_NET any -> [51.79.166.3] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.79.166.3/; sid:900606958; rev:1;) alert tcp $HOME_NET any -> [5.135.182.4] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.135.182.4/; sid:900606960; rev:1;) alert tcp $HOME_NET any -> [71.13.93.154] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.13.93.154/; sid:900606961; rev:1;) alert tcp $HOME_NET any -> [111.250.29.138] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.250.29.138/; sid:900606962; rev:1;) alert tcp $HOME_NET any -> [71.13.93.154] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.13.93.154/; sid:900606963; rev:1;) alert tcp $HOME_NET any -> [181.118.183.27] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.27/; sid:900606964; rev:1;) alert tcp $HOME_NET any -> [190.73.3.148] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.73.3.148/; sid:900606965; rev:1;) alert tcp $HOME_NET any -> [177.172.5.228] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.172.5.228/; sid:900606966; rev:1;) alert tcp $HOME_NET any -> [189.135.98.193] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.135.98.193/; sid:900606967; rev:1;) alert tcp $HOME_NET any -> [181.99.138.30] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.99.138.30/; sid:900606968; rev:1;) alert tcp $HOME_NET any -> [185.30.32.33] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.30.32.33/; sid:900606969; rev:1;) alert tcp $HOME_NET any -> [102.65.38.185] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.65.38.185/; sid:900606970; rev:1;) alert tcp $HOME_NET any -> [176.115.83.179] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.115.83.179/; sid:900606971; rev:1;) alert tcp $HOME_NET any -> [197.87.182.139] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.87.182.139/; sid:900606972; rev:1;) alert tcp $HOME_NET any -> [189.147.249.20] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.147.249.20/; sid:900606973; rev:1;) alert tcp $HOME_NET any -> [65.20.153.49] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.20.153.49/; sid:900606974; rev:1;) alert tcp $HOME_NET any -> [202.36.49.75] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.36.49.75/; sid:900606975; rev:1;) alert tcp $HOME_NET any -> [95.178.38.81] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.178.38.81/; sid:900606976; rev:1;) alert tcp $HOME_NET any -> [200.83.98.31] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.83.98.31/; sid:900606977; rev:1;) alert tcp $HOME_NET any -> [64.111.60.49] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.111.60.49/; sid:900606978; rev:1;) alert tcp $HOME_NET any -> [202.51.122.163] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.51.122.163/; sid:900606979; rev:1;) alert tcp $HOME_NET any -> [181.189.221.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.189.221.250/; sid:900606980; rev:1;) alert tcp $HOME_NET any -> [88.148.122.192] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.148.122.192/; sid:900606981; rev:1;) alert tcp $HOME_NET any -> [181.211.247.43] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.211.247.43/; sid:900606982; rev:1;) alert tcp $HOME_NET any -> [222.252.61.23] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.252.61.23/; sid:900606983; rev:1;) alert tcp $HOME_NET any -> [181.188.180.243] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.188.180.243/; sid:900606984; rev:1;) alert tcp $HOME_NET any -> [116.90.234.82] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.90.234.82/; sid:900606985; rev:1;) alert tcp $HOME_NET any -> [190.61.46.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.61.46.106/; sid:900606986; rev:1;) alert tcp $HOME_NET any -> [138.36.200.227] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.36.200.227/; sid:900606987; rev:1;) alert tcp $HOME_NET any -> [41.77.131.74] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.77.131.74/; sid:900606988; rev:1;) alert tcp $HOME_NET any -> [45.221.8.225] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.221.8.225/; sid:900606989; rev:1;) alert tcp $HOME_NET any -> [202.144.203.140] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.144.203.140/; sid:900606990; rev:1;) alert tcp $HOME_NET any -> [95.178.35.140] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.178.35.140/; sid:900606991; rev:1;) alert tcp $HOME_NET any -> [103.80.54.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.80.54.34/; sid:900606992; rev:1;) alert tcp $HOME_NET any -> [177.86.90.105] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.86.90.105/; sid:900606993; rev:1;) alert tcp $HOME_NET any -> [61.19.116.53] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.19.116.53/; sid:900606994; rev:1;) alert tcp $HOME_NET any -> [91.234.132.24] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.234.132.24/; sid:900606995; rev:1;) alert tcp $HOME_NET any -> [185.23.110.114] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.23.110.114/; sid:900606996; rev:1;) alert tcp $HOME_NET any -> [95.178.35.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.178.35.162/; sid:900606997; rev:1;) alert tcp $HOME_NET any -> [203.173.94.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.173.94.162/; sid:900606998; rev:1;) alert tcp $HOME_NET any -> [136.228.129.179] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.228.129.179/; sid:900606999; rev:1;) alert tcp $HOME_NET any -> [86.173.96.126] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.173.96.126/; sid:900607000; rev:1;) alert tcp $HOME_NET any -> [177.37.161.136] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.37.161.136/; sid:900607001; rev:1;) alert tcp $HOME_NET any -> [202.58.199.82] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.58.199.82/; sid:900607002; rev:1;) alert tcp $HOME_NET any -> [88.148.122.16] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.148.122.16/; sid:900607003; rev:1;) alert tcp $HOME_NET any -> [109.177.30.138] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.177.30.138/; sid:900607004; rev:1;) alert tcp $HOME_NET any -> [103.255.73.146] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.255.73.146/; sid:900607005; rev:1;) alert tcp $HOME_NET any -> [177.138.142.97] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.138.142.97/; sid:900607006; rev:1;) alert tcp $HOME_NET any -> [191.36.151.129] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.36.151.129/; sid:900607007; rev:1;) alert tcp $HOME_NET any -> [43.225.69.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.225.69.20/; sid:900607008; rev:1;) alert tcp $HOME_NET any -> [181.112.49.170] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.112.49.170/; sid:900607009; rev:1;) alert tcp $HOME_NET any -> [43.246.138.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.246.138.162/; sid:900607010; rev:1;) alert tcp $HOME_NET any -> [200.201.185.194] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.201.185.194/; sid:900607011; rev:1;) alert tcp $HOME_NET any -> [95.178.38.68] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.178.38.68/; sid:900607012; rev:1;) alert tcp $HOME_NET any -> [171.235.33.211] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.235.33.211/; sid:900607013; rev:1;) alert tcp $HOME_NET any -> [95.110.160.239] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.110.160.239/; sid:900607014; rev:1;) alert tcp $HOME_NET any -> [198.61.167.176] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.61.167.176/; sid:900607015; rev:1;) alert tcp $HOME_NET any -> [167.86.83.205] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.86.83.205/; sid:900607016; rev:1;) alert tcp $HOME_NET any -> [5.196.213.55] 808 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.213.55/; sid:900607017; rev:1;) alert tcp $HOME_NET any -> [72.252.147.208] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.147.208/; sid:900607019; rev:1;) alert tcp $HOME_NET any -> [88.234.20.155] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.234.20.155/; sid:900607020; rev:1;) alert tcp $HOME_NET any -> [72.252.147.208] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.147.208/; sid:900607021; rev:1;) alert tcp $HOME_NET any -> [189.147.225.12] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.147.225.12/; sid:900607022; rev:1;) alert tcp $HOME_NET any -> [181.4.49.208] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.4.49.208/; sid:900607023; rev:1;) alert tcp $HOME_NET any -> [83.223.164.163] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.223.164.163/; sid:900607024; rev:1;) alert tcp $HOME_NET any -> [75.67.192.125] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.67.192.125/; sid:900607025; rev:1;) alert tcp $HOME_NET any -> [41.37.243.129] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.37.243.129/; sid:900607026; rev:1;) alert tcp $HOME_NET any -> [103.143.8.71] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.143.8.71/; sid:900607027; rev:1;) alert tcp $HOME_NET any -> [129.208.156.253] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.156.253/; sid:900607028; rev:1;) alert tcp $HOME_NET any -> [78.153.126.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.153.126.175/; sid:900607029; rev:1;) alert tcp $HOME_NET any -> [5.44.57.191] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.44.57.191/; sid:900607031; rev:1;) alert tcp $HOME_NET any -> [24.32.202.68] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.32.202.68/; sid:900607033; rev:1;) alert tcp $HOME_NET any -> [102.65.38.57] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.65.38.57/; sid:900607034; rev:1;) alert tcp $HOME_NET any -> [220.255.25.187] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.255.25.187/; sid:900607041; rev:1;) alert tcp $HOME_NET any -> [111.250.56.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.250.56.31/; sid:900607042; rev:1;) alert tcp $HOME_NET any -> [109.177.77.68] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.177.77.68/; sid:900607043; rev:1;) alert tcp $HOME_NET any -> [181.118.183.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.31/; sid:900607044; rev:1;) alert tcp $HOME_NET any -> [187.121.88.3] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.121.88.3/; sid:900607045; rev:1;) alert tcp $HOME_NET any -> [188.27.119.243] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.27.119.243/; sid:900607046; rev:1;) alert tcp $HOME_NET any -> [103.116.178.85] 61200 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.116.178.85/; sid:900607050; rev:1;) alert tcp $HOME_NET any -> [5.9.14.91] 10933 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.9.14.91/; sid:900607051; rev:1;) alert tcp $HOME_NET any -> [209.210.95.228] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.210.95.228/; sid:900607052; rev:1;) alert tcp $HOME_NET any -> [45.184.36.10] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.184.36.10/; sid:900607053; rev:1;) alert tcp $HOME_NET any -> [173.249.28.143] 808 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.249.28.143/; sid:900607054; rev:1;) alert tcp $HOME_NET any -> [103.8.26.102] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.8.26.102/; sid:900607055; rev:1;) alert tcp $HOME_NET any -> [103.8.26.103] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.8.26.103/; sid:900607056; rev:1;) alert tcp $HOME_NET any -> [188.93.125.116] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.93.125.116/; sid:900607057; rev:1;) alert tcp $HOME_NET any -> [45.76.176.10] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.176.10/; sid:900607058; rev:1;) alert tcp $HOME_NET any -> [66.42.55.5] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.42.55.5/; sid:900607059; rev:1;) alert tcp $HOME_NET any -> [81.0.236.93] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.0.236.93/; sid:900607060; rev:1;) alert tcp $HOME_NET any -> [94.177.248.64] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.248.64/; sid:900607061; rev:1;) alert tcp $HOME_NET any -> [168.197.250.14] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.197.250.14/; sid:900607062; rev:1;) alert tcp $HOME_NET any -> [142.4.219.173] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.4.219.173/; sid:900607063; rev:1;) alert tcp $HOME_NET any -> [185.148.169.10] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.169.10/; sid:900607064; rev:1;) alert tcp $HOME_NET any -> [196.44.98.190] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.44.98.190/; sid:900607065; rev:1;) alert tcp $HOME_NET any -> [51.178.61.60] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.178.61.60/; sid:900607066; rev:1;) alert tcp $HOME_NET any -> [51.210.242.234] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.210.242.234/; sid:900607067; rev:1;) alert tcp $HOME_NET any -> [177.72.80.14] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.72.80.14/; sid:900607068; rev:1;) alert tcp $HOME_NET any -> [200.7.198.138] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.7.198.138/; sid:900607069; rev:1;) alert tcp $HOME_NET any -> [212.175.98.171] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.175.98.171/; sid:900607070; rev:1;) alert tcp $HOME_NET any -> [51.68.175.8] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.175.8/; sid:900607071; rev:1;) alert tcp $HOME_NET any -> [210.57.217.132] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.57.217.132/; sid:900607072; rev:1;) alert tcp $HOME_NET any -> [45.79.33.48] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.33.48/; sid:900607073; rev:1;) alert tcp $HOME_NET any -> [163.172.50.82] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.172.50.82/; sid:900607076; rev:1;) alert tcp $HOME_NET any -> [93.188.167.97] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.188.167.97/; sid:900607077; rev:1;) alert tcp $HOME_NET any -> [103.161.172.108] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.161.172.108/; sid:900607078; rev:1;) alert tcp $HOME_NET any -> [146.66.139.84] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.66.139.84/; sid:900607079; rev:1;) alert tcp $HOME_NET any -> [78.191.45.163] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.45.163/; sid:900607081; rev:1;) alert tcp $HOME_NET any -> [72.252.201.34] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.201.34/; sid:900607082; rev:1;) alert tcp $HOME_NET any -> [181.118.183.60] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.60/; sid:900607083; rev:1;) alert tcp $HOME_NET any -> [111.250.51.232] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.250.51.232/; sid:900607084; rev:1;) alert tcp $HOME_NET any -> [86.97.160.193] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.160.193/; sid:900607085; rev:1;) alert tcp $HOME_NET any -> [189.135.61.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.135.61.226/; sid:900607086; rev:1;) alert tcp $HOME_NET any -> [72.252.201.34] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.201.34/; sid:900607087; rev:1;) alert tcp $HOME_NET any -> [185.184.25.237] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.184.25.237/; sid:900607088; rev:1;) alert tcp $HOME_NET any -> [202.29.239.161] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.29.239.161/; sid:900607089; rev:1;) alert tcp $HOME_NET any -> [91.200.186.228] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.200.186.228/; sid:900607090; rev:1;) alert tcp $HOME_NET any -> [191.252.196.221] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.252.196.221/; sid:900607091; rev:1;) alert tcp $HOME_NET any -> [62.210.200.63] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.210.200.63/; sid:900607092; rev:1;) alert tcp $HOME_NET any -> [54.37.70.105] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.70.105/; sid:900607093; rev:1;) alert tcp $HOME_NET any -> [198.199.70.22] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.70.22/; sid:900607094; rev:1;) alert tcp $HOME_NET any -> [164.68.99.3] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.99.3/; sid:900607095; rev:1;) alert tcp $HOME_NET any -> [142.93.218.86] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.218.86/; sid:900607096; rev:1;) alert tcp $HOME_NET any -> [31.220.49.39] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.220.49.39/; sid:900607098; rev:1;) alert tcp $HOME_NET any -> [122.129.203.163] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.129.203.163/; sid:900607099; rev:1;) alert tcp $HOME_NET any -> [73.171.4.177] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.171.4.177/; sid:900607101; rev:1;) alert tcp $HOME_NET any -> [186.64.67.17] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.17/; sid:900607102; rev:1;) alert tcp $HOME_NET any -> [5.189.150.29] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.150.29/; sid:900607103; rev:1;) alert tcp $HOME_NET any -> [200.127.27.220] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.127.27.220/; sid:900607104; rev:1;) alert tcp $HOME_NET any -> [5.193.134.177] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.193.134.177/; sid:900607105; rev:1;) alert tcp $HOME_NET any -> [218.101.110.3] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.101.110.3/; sid:900607106; rev:1;) alert tcp $HOME_NET any -> [194.36.28.26] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.28.26/; sid:900607107; rev:1;) alert tcp $HOME_NET any -> [86.173.96.86] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.173.96.86/; sid:900607108; rev:1;) alert tcp $HOME_NET any -> [87.120.37.231] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.37.231/; sid:900607109; rev:1;) alert tcp $HOME_NET any -> [164.90.229.209] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.229.209/; sid:900607110; rev:1;) alert tcp $HOME_NET any -> [162.33.179.46] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.46/; sid:900607111; rev:1;) alert tcp $HOME_NET any -> [162.33.178.121] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.121/; sid:900607112; rev:1;) alert tcp $HOME_NET any -> [162.33.179.16] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.16/; sid:900607114; rev:1;) alert tcp $HOME_NET any -> [162.33.178.137] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.137/; sid:900607115; rev:1;) alert tcp $HOME_NET any -> [162.33.177.123] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.123/; sid:900607116; rev:1;) alert tcp $HOME_NET any -> [162.33.179.12] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.12/; sid:900607117; rev:1;) alert tcp $HOME_NET any -> [162.33.177.90] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.90/; sid:900607118; rev:1;) alert tcp $HOME_NET any -> [162.33.179.213] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.213/; sid:900607119; rev:1;) alert tcp $HOME_NET any -> [31.13.195.145] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.145/; sid:900607120; rev:1;) alert tcp $HOME_NET any -> [162.33.179.144] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.144/; sid:900607121; rev:1;) alert tcp $HOME_NET any -> [162.33.179.253] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.253/; sid:900607122; rev:1;) alert tcp $HOME_NET any -> [162.33.177.25] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.25/; sid:900607124; rev:1;) alert tcp $HOME_NET any -> [91.92.109.10] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.10/; sid:900607125; rev:1;) alert tcp $HOME_NET any -> [91.92.109.73] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.73/; sid:900607126; rev:1;) alert tcp $HOME_NET any -> [161.35.205.250] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.35.205.250/; sid:900607127; rev:1;) alert tcp $HOME_NET any -> [164.90.174.188] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.174.188/; sid:900607128; rev:1;) alert tcp $HOME_NET any -> [164.90.166.155] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.166.155/; sid:900607129; rev:1;) alert tcp $HOME_NET any -> [161.35.195.78] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.35.195.78/; sid:900607130; rev:1;) alert tcp $HOME_NET any -> [64.225.98.255] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.225.98.255/; sid:900607131; rev:1;) alert tcp $HOME_NET any -> [162.33.178.131] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.131/; sid:900607132; rev:1;) alert tcp $HOME_NET any -> [162.33.178.246] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.246/; sid:900607133; rev:1;) alert tcp $HOME_NET any -> [162.33.178.119] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.119/; sid:900607134; rev:1;) alert tcp $HOME_NET any -> [159.223.30.253] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.223.30.253/; sid:900607135; rev:1;) alert tcp $HOME_NET any -> [46.101.144.128] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.144.128/; sid:900607136; rev:1;) alert tcp $HOME_NET any -> [64.225.98.197] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.225.98.197/; sid:900607137; rev:1;) alert tcp $HOME_NET any -> [162.33.178.237] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.237/; sid:900607138; rev:1;) alert tcp $HOME_NET any -> [162.33.179.2] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.2/; sid:900607140; rev:1;) alert tcp $HOME_NET any -> [162.33.177.152] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.152/; sid:900607141; rev:1;) alert tcp $HOME_NET any -> [162.33.177.178] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.178/; sid:900607142; rev:1;) alert tcp $HOME_NET any -> [164.90.191.46] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.191.46/; sid:900607143; rev:1;) alert tcp $HOME_NET any -> [162.33.177.158] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.158/; sid:900607144; rev:1;) alert tcp $HOME_NET any -> [162.33.179.237] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.237/; sid:900607145; rev:1;) alert tcp $HOME_NET any -> [149.28.98.49] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.98.49/; sid:900607146; rev:1;) alert tcp $HOME_NET any -> [45.63.108.27] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.108.27/; sid:900607147; rev:1;) alert tcp $HOME_NET any -> [206.188.196.201] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.188.196.201/; sid:900607148; rev:1;) alert tcp $HOME_NET any -> [162.33.178.179] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.179/; sid:900607149; rev:1;) alert tcp $HOME_NET any -> [162.33.179.210] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.210/; sid:900607150; rev:1;) alert tcp $HOME_NET any -> [51.178.186.134] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.178.186.134/; sid:900607151; rev:1;) alert tcp $HOME_NET any -> [51.91.142.158] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.91.142.158/; sid:900607152; rev:1;) alert tcp $HOME_NET any -> [178.79.144.87] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.79.144.87/; sid:900607153; rev:1;) alert tcp $HOME_NET any -> [104.130.140.69] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.130.140.69/; sid:900607154; rev:1;) alert tcp $HOME_NET any -> [51.79.205.117] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.79.205.117/; sid:900607155; rev:1;) alert tcp $HOME_NET any -> [185.85.17.16] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.85.17.16/; sid:900607157; rev:1;) alert tcp $HOME_NET any -> [50.21.183.143] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.21.183.143/; sid:900607158; rev:1;) alert tcp $HOME_NET any -> [185.99.2.197] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.197/; sid:900607159; rev:1;) alert tcp $HOME_NET any -> [75.188.35.168] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.188.35.168/; sid:900607160; rev:1;) alert tcp $HOME_NET any -> [103.36.126.221] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.36.126.221/; sid:900607162; rev:1;) alert tcp $HOME_NET any -> [117.220.229.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.220.229.162/; sid:900607163; rev:1;) alert tcp $HOME_NET any -> [14.102.188.227] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.102.188.227/; sid:900607164; rev:1;) alert tcp $HOME_NET any -> [45.116.106.45] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.116.106.45/; sid:900607165; rev:1;) alert tcp $HOME_NET any -> [110.172.137.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.172.137.20/; sid:900607167; rev:1;) alert tcp $HOME_NET any -> [144.91.110.219] 9217 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.110.219/; sid:900607168; rev:1;) alert tcp $HOME_NET any -> [86.107.98.232] 8333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.107.98.232/; sid:900607169; rev:1;) alert tcp $HOME_NET any -> [188.165.214.166] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.214.166/; sid:900607170; rev:1;) alert tcp $HOME_NET any -> [67.207.95.35] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.207.95.35/; sid:900607171; rev:1;) alert tcp $HOME_NET any -> [129.208.184.37] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.184.37/; sid:900607172; rev:1;) alert tcp $HOME_NET any -> [187.121.105.111] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.121.105.111/; sid:900607173; rev:1;) alert tcp $HOME_NET any -> [111.250.0.147] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.250.0.147/; sid:900607174; rev:1;) alert tcp $HOME_NET any -> [67.205.162.68] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.205.162.68/; sid:900607175; rev:1;) alert tcp $HOME_NET any -> [31.220.49.39] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.220.49.39/; sid:900607176; rev:1;) alert tcp $HOME_NET any -> [117.198.148.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.198.148.180/; sid:900607177; rev:1;) alert tcp $HOME_NET any -> [78.191.52.30] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.52.30/; sid:900607178; rev:1;) alert tcp $HOME_NET any -> [111.250.29.21] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.250.29.21/; sid:900607180; rev:1;) alert tcp $HOME_NET any -> [39.49.95.46] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.95.46/; sid:900607181; rev:1;) alert tcp $HOME_NET any -> [176.63.117.1] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.63.117.1/; sid:900607182; rev:1;) alert tcp $HOME_NET any -> [187.192.70.222] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.70.222/; sid:900607183; rev:1;) alert tcp $HOME_NET any -> [207.154.241.38] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.154.241.38/; sid:900607184; rev:1;) alert tcp $HOME_NET any -> [167.99.243.36] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.99.243.36/; sid:900607185; rev:1;) alert tcp $HOME_NET any -> [164.90.223.1] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.223.1/; sid:900607186; rev:1;) alert tcp $HOME_NET any -> [164.90.223.38] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.223.38/; sid:900607187; rev:1;) alert tcp $HOME_NET any -> [104.248.16.136] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.248.16.136/; sid:900607188; rev:1;) alert tcp $HOME_NET any -> [164.90.223.13] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.223.13/; sid:900607189; rev:1;) alert tcp $HOME_NET any -> [64.227.114.0] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.227.114.0/; sid:900607190; rev:1;) alert tcp $HOME_NET any -> [167.172.165.125] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.172.165.125/; sid:900607191; rev:1;) alert tcp $HOME_NET any -> [142.93.99.249] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.99.249/; sid:900607192; rev:1;) alert tcp $HOME_NET any -> [134.209.240.181] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.240.181/; sid:900607193; rev:1;) alert tcp $HOME_NET any -> [46.101.158.148] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.158.148/; sid:900607194; rev:1;) alert tcp $HOME_NET any -> [164.90.237.7] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.237.7/; sid:900607195; rev:1;) alert tcp $HOME_NET any -> [165.22.83.25] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.22.83.25/; sid:900607196; rev:1;) alert tcp $HOME_NET any -> [167.172.101.84] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.172.101.84/; sid:900607197; rev:1;) alert tcp $HOME_NET any -> [167.172.160.45] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.172.160.45/; sid:900607198; rev:1;) alert tcp $HOME_NET any -> [206.81.23.138] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.81.23.138/; sid:900607199; rev:1;) alert tcp $HOME_NET any -> [68.183.65.211] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.65.211/; sid:900607200; rev:1;) alert tcp $HOME_NET any -> [161.35.223.199] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.35.223.199/; sid:900607201; rev:1;) alert tcp $HOME_NET any -> [161.35.70.100] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.35.70.100/; sid:900607202; rev:1;) alert tcp $HOME_NET any -> [164.90.229.166] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.229.166/; sid:900607203; rev:1;) alert tcp $HOME_NET any -> [134.122.88.142] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.122.88.142/; sid:900607204; rev:1;) alert tcp $HOME_NET any -> [165.232.65.245] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.232.65.245/; sid:900607205; rev:1;) alert tcp $HOME_NET any -> [64.227.118.34] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.227.118.34/; sid:900607206; rev:1;) alert tcp $HOME_NET any -> [165.227.162.47] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.162.47/; sid:900607207; rev:1;) alert tcp $HOME_NET any -> [164.90.187.171] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.187.171/; sid:900607208; rev:1;) alert tcp $HOME_NET any -> [164.90.187.236] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.187.236/; sid:900607209; rev:1;) alert tcp $HOME_NET any -> [164.90.187.244] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.187.244/; sid:900607210; rev:1;) alert tcp $HOME_NET any -> [134.122.76.123] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.122.76.123/; sid:900607211; rev:1;) alert tcp $HOME_NET any -> [134.122.76.178] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.122.76.178/; sid:900607212; rev:1;) alert tcp $HOME_NET any -> [46.101.160.136] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.160.136/; sid:900607213; rev:1;) alert tcp $HOME_NET any -> [46.101.200.191] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.200.191/; sid:900607214; rev:1;) alert tcp $HOME_NET any -> [164.90.187.203] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.187.203/; sid:900607215; rev:1;) alert tcp $HOME_NET any -> [164.90.187.241] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.187.241/; sid:900607216; rev:1;) alert tcp $HOME_NET any -> [164.90.187.209] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.187.209/; sid:900607217; rev:1;) alert tcp $HOME_NET any -> [164.90.221.57] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.221.57/; sid:900607218; rev:1;) alert tcp $HOME_NET any -> [164.90.235.239] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.235.239/; sid:900607219; rev:1;) alert tcp $HOME_NET any -> [165.232.78.100] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.232.78.100/; sid:900607220; rev:1;) alert tcp $HOME_NET any -> [64.227.122.248] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.227.122.248/; sid:900607221; rev:1;) alert tcp $HOME_NET any -> [164.90.175.226] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.175.226/; sid:900607222; rev:1;) alert tcp $HOME_NET any -> [164.90.219.254] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.219.254/; sid:900607223; rev:1;) alert tcp $HOME_NET any -> [206.81.27.39] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.81.27.39/; sid:900607224; rev:1;) alert tcp $HOME_NET any -> [134.122.76.75] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.122.76.75/; sid:900607225; rev:1;) alert tcp $HOME_NET any -> [164.90.213.219] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.213.219/; sid:900607226; rev:1;) alert tcp $HOME_NET any -> [164.90.213.227] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.213.227/; sid:900607227; rev:1;) alert tcp $HOME_NET any -> [159.223.21.94] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.223.21.94/; sid:900607228; rev:1;) alert tcp $HOME_NET any -> [164.90.215.60] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.215.60/; sid:900607229; rev:1;) alert tcp $HOME_NET any -> [64.227.116.94] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.227.116.94/; sid:900607230; rev:1;) alert tcp $HOME_NET any -> [164.90.239.161] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.239.161/; sid:900607231; rev:1;) alert tcp $HOME_NET any -> [91.92.109.170] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.170/; sid:900607232; rev:1;) alert tcp $HOME_NET any -> [91.92.109.169] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.169/; sid:900607233; rev:1;) alert tcp $HOME_NET any -> [91.92.109.138] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.138/; sid:900607234; rev:1;) alert tcp $HOME_NET any -> [31.13.195.108] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.108/; sid:900607235; rev:1;) alert tcp $HOME_NET any -> [91.92.109.136] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.136/; sid:900607236; rev:1;) alert tcp $HOME_NET any -> [87.120.254.51] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.51/; sid:900607237; rev:1;) alert tcp $HOME_NET any -> [87.120.254.178] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.178/; sid:900607238; rev:1;) alert tcp $HOME_NET any -> [87.120.254.67] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.67/; sid:900607239; rev:1;) alert tcp $HOME_NET any -> [87.121.52.230] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.230/; sid:900607240; rev:1;) alert tcp $HOME_NET any -> [87.120.37.77] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.37.77/; sid:900607241; rev:1;) alert tcp $HOME_NET any -> [87.120.8.109] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.109/; sid:900607242; rev:1;) alert tcp $HOME_NET any -> [87.120.8.245] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.245/; sid:900607243; rev:1;) alert tcp $HOME_NET any -> [31.13.195.129] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.129/; sid:900607244; rev:1;) alert tcp $HOME_NET any -> [87.121.52.247] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.247/; sid:900607245; rev:1;) alert tcp $HOME_NET any -> [91.92.109.189] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.189/; sid:900607246; rev:1;) alert tcp $HOME_NET any -> [31.13.195.32] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.32/; sid:900607247; rev:1;) alert tcp $HOME_NET any -> [87.121.52.192] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.192/; sid:900607248; rev:1;) alert tcp $HOME_NET any -> [87.120.37.183] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.37.183/; sid:900607249; rev:1;) alert tcp $HOME_NET any -> [87.120.254.158] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.158/; sid:900607250; rev:1;) alert tcp $HOME_NET any -> [87.120.254.234] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.234/; sid:900607251; rev:1;) alert tcp $HOME_NET any -> [185.158.249.238] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.158.249.238/; sid:900607252; rev:1;) alert tcp $HOME_NET any -> [87.120.254.252] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.252/; sid:900607253; rev:1;) alert tcp $HOME_NET any -> [87.121.52.173] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.173/; sid:900607254; rev:1;) alert tcp $HOME_NET any -> [87.120.254.6] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.6/; sid:900607255; rev:1;) alert tcp $HOME_NET any -> [31.13.195.13] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.13/; sid:900607256; rev:1;) alert tcp $HOME_NET any -> [87.120.254.96] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.96/; sid:900607258; rev:1;) alert tcp $HOME_NET any -> [87.120.8.177] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.177/; sid:900607259; rev:1;) alert tcp $HOME_NET any -> [87.120.8.241] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.241/; sid:900607260; rev:1;) alert tcp $HOME_NET any -> [87.120.8.171] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.171/; sid:900607261; rev:1;) alert tcp $HOME_NET any -> [91.92.109.14] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.14/; sid:900607262; rev:1;) alert tcp $HOME_NET any -> [87.120.8.112] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.112/; sid:900607263; rev:1;) alert tcp $HOME_NET any -> [87.120.8.101] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.101/; sid:900607264; rev:1;) alert tcp $HOME_NET any -> [134.122.64.170] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.122.64.170/; sid:900607265; rev:1;) alert tcp $HOME_NET any -> [164.90.215.29] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.215.29/; sid:900607266; rev:1;) alert tcp $HOME_NET any -> [165.232.68.221] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.232.68.221/; sid:900607267; rev:1;) alert tcp $HOME_NET any -> [159.89.6.29] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.89.6.29/; sid:900607268; rev:1;) alert tcp $HOME_NET any -> [164.90.183.223] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.183.223/; sid:900607270; rev:1;) alert tcp $HOME_NET any -> [87.120.37.122] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.37.122/; sid:900607271; rev:1;) alert tcp $HOME_NET any -> [87.120.8.170] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.170/; sid:900607272; rev:1;) alert tcp $HOME_NET any -> [31.13.195.152] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.152/; sid:900607273; rev:1;) alert tcp $HOME_NET any -> [162.33.179.71] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.71/; sid:900607274; rev:1;) alert tcp $HOME_NET any -> [162.33.178.153] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.153/; sid:900607275; rev:1;) alert tcp $HOME_NET any -> [162.33.178.139] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.139/; sid:900607276; rev:1;) alert tcp $HOME_NET any -> [162.33.177.219] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.219/; sid:900607277; rev:1;) alert tcp $HOME_NET any -> [162.33.178.248] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.248/; sid:900607278; rev:1;) alert tcp $HOME_NET any -> [162.33.179.96] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.96/; sid:900607279; rev:1;) alert tcp $HOME_NET any -> [162.33.179.99] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.99/; sid:900607280; rev:1;) alert tcp $HOME_NET any -> [162.33.179.240] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.240/; sid:900607281; rev:1;) alert tcp $HOME_NET any -> [45.61.136.128] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.61.136.128/; sid:900607282; rev:1;) alert tcp $HOME_NET any -> [167.71.11.125] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.71.11.125/; sid:900607283; rev:1;) alert tcp $HOME_NET any -> [86.123.105.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.123.105.31/; sid:900607284; rev:1;) alert tcp $HOME_NET any -> [185.148.168.15] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.168.15/; sid:900607285; rev:1;) alert tcp $HOME_NET any -> [107.170.4.227] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.170.4.227/; sid:900607286; rev:1;) alert tcp $HOME_NET any -> [64.251.25.156] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.251.25.156/; sid:900607287; rev:1;) alert tcp $HOME_NET any -> [178.128.222.53] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.222.53/; sid:900607288; rev:1;) alert tcp $HOME_NET any -> [39.33.218.78] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.33.218.78/; sid:900607289; rev:1;) alert tcp $HOME_NET any -> [162.33.177.88] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.88/; sid:900607290; rev:1;) alert tcp $HOME_NET any -> [162.33.179.53] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.53/; sid:900607291; rev:1;) alert tcp $HOME_NET any -> [41.76.108.46] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.76.108.46/; sid:900607292; rev:1;) alert tcp $HOME_NET any -> [188.165.214.166] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.214.166/; sid:900607294; rev:1;) alert tcp $HOME_NET any -> [117.54.140.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.54.140.98/; sid:900607295; rev:1;) alert tcp $HOME_NET any -> [188.40.33.77] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.40.33.77/; sid:900607296; rev:1;) alert tcp $HOME_NET any -> [45.63.36.79] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.36.79/; sid:900607297; rev:1;) alert tcp $HOME_NET any -> [45.79.80.198] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.80.198/; sid:900607298; rev:1;) alert tcp $HOME_NET any -> [162.33.178.12] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.12/; sid:900607299; rev:1;) alert tcp $HOME_NET any -> [217.165.237.42] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.237.42/; sid:900607300; rev:1;) alert tcp $HOME_NET any -> [162.33.179.245] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.245/; sid:900607301; rev:1;) alert tcp $HOME_NET any -> [162.33.177.217] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.217/; sid:900607302; rev:1;) alert tcp $HOME_NET any -> [162.33.178.20] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.20/; sid:900607303; rev:1;) alert tcp $HOME_NET any -> [162.33.179.67] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.67/; sid:900607304; rev:1;) alert tcp $HOME_NET any -> [27.5.4.111] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.5.4.111/; sid:900607305; rev:1;) alert tcp $HOME_NET any -> [189.135.21.162] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.135.21.162/; sid:900607306; rev:1;) alert tcp $HOME_NET any -> [189.147.174.121] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.147.174.121/; sid:900607307; rev:1;) alert tcp $HOME_NET any -> [86.97.10.14] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.10.14/; sid:900607308; rev:1;) alert tcp $HOME_NET any -> [51.68.138.110] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.138.110/; sid:900607309; rev:1;) alert tcp $HOME_NET any -> [23.253.208.162] 9217 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.253.208.162/; sid:900607310; rev:1;) alert tcp $HOME_NET any -> [206.189.150.190] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.189.150.190/; sid:900607311; rev:1;) alert tcp $HOME_NET any -> [103.109.247.10] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.109.247.10/; sid:900607312; rev:1;) alert tcp $HOME_NET any -> [200.114.247.160] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.114.247.160/; sid:900607313; rev:1;) alert tcp $HOME_NET any -> [162.33.178.49] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.49/; sid:900607316; rev:1;) alert tcp $HOME_NET any -> [174.20.72.123] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.20.72.123/; sid:900607318; rev:1;) alert tcp $HOME_NET any -> [117.198.156.228] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.198.156.228/; sid:900607319; rev:1;) alert tcp $HOME_NET any -> [45.63.5.129] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.5.129/; sid:900607321; rev:1;) alert tcp $HOME_NET any -> [128.199.192.135] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.192.135/; sid:900607322; rev:1;) alert tcp $HOME_NET any -> [46.55.222.11] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.55.222.11/; sid:900607323; rev:1;) alert tcp $HOME_NET any -> [104.245.52.73] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.245.52.73/; sid:900607324; rev:1;) alert tcp $HOME_NET any -> [62.171.184.244] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.171.184.244/; sid:900607325; rev:1;) alert tcp $HOME_NET any -> [62.210.82.223] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.210.82.223/; sid:900607326; rev:1;) alert tcp $HOME_NET any -> [142.93.66.245] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.66.245/; sid:900607327; rev:1;) alert tcp $HOME_NET any -> [119.59.125.140] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.59.125.140/; sid:900607328; rev:1;) alert tcp $HOME_NET any -> [81.223.127.86] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.223.127.86/; sid:900607329; rev:1;) alert tcp $HOME_NET any -> [186.64.67.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.31/; sid:900607330; rev:1;) alert tcp $HOME_NET any -> [189.135.34.124] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.135.34.124/; sid:900607331; rev:1;) alert tcp $HOME_NET any -> [129.208.154.145] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.154.145/; sid:900607332; rev:1;) alert tcp $HOME_NET any -> [45.79.248.254] 2222 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.248.254/; sid:900607333; rev:1;) alert tcp $HOME_NET any -> [94.177.217.88] 808 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.217.88/; sid:900607334; rev:1;) alert tcp $HOME_NET any -> [144.91.110.55] 3978 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.110.55/; sid:900607335; rev:1;) alert tcp $HOME_NET any -> [149.56.106.83] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.56.106.83/; sid:900607336; rev:1;) alert tcp $HOME_NET any -> [185.4.135.165] 5228 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.4.135.165/; sid:900607337; rev:1;) alert tcp $HOME_NET any -> [78.180.170.159] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.180.170.159/; sid:900607338; rev:1;) alert tcp $HOME_NET any -> [172.104.227.98] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.104.227.98/; sid:900607339; rev:1;) alert tcp $HOME_NET any -> [31.207.89.74] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.207.89.74/; sid:900607340; rev:1;) alert tcp $HOME_NET any -> [162.33.177.194] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.194/; sid:900607341; rev:1;) alert tcp $HOME_NET any -> [162.33.177.69] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.69/; sid:900607342; rev:1;) alert tcp $HOME_NET any -> [162.33.177.196] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.196/; sid:900607343; rev:1;) alert tcp $HOME_NET any -> [162.33.178.35] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.35/; sid:900607344; rev:1;) alert tcp $HOME_NET any -> [162.33.179.158] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.158/; sid:900607345; rev:1;) alert tcp $HOME_NET any -> [162.33.178.45] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.45/; sid:900607346; rev:1;) alert tcp $HOME_NET any -> [189.252.173.60] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.173.60/; sid:900607347; rev:1;) alert tcp $HOME_NET any -> [187.121.121.141] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.121.121.141/; sid:900607348; rev:1;) alert tcp $HOME_NET any -> [181.4.52.159] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.4.52.159/; sid:900607349; rev:1;) alert tcp $HOME_NET any -> [209.239.112.82] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.239.112.82/; sid:900607350; rev:1;) alert tcp $HOME_NET any -> [116.124.128.206] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.124.128.206/; sid:900607351; rev:1;) alert tcp $HOME_NET any -> [51.159.35.157] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.159.35.157/; sid:900607352; rev:1;) alert tcp $HOME_NET any -> [207.180.228.237] 8081 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.180.228.237/; sid:900607353; rev:1;) alert tcp $HOME_NET any -> [51.75.33.120] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.33.120/; sid:900607354; rev:1;) alert tcp $HOME_NET any -> [109.75.64.100] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.75.64.100/; sid:900607355; rev:1;) alert tcp $HOME_NET any -> [198.27.67.35] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.27.67.35/; sid:900607356; rev:1;) alert tcp $HOME_NET any -> [104.238.138.234] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.238.138.234/; sid:900607357; rev:1;) alert tcp $HOME_NET any -> [202.29.237.113] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.29.237.113/; sid:900607358; rev:1;) alert tcp $HOME_NET any -> [207.210.201.159] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.210.201.159/; sid:900607359; rev:1;) alert tcp $HOME_NET any -> [164.90.159.54] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.159.54/; sid:900607360; rev:1;) alert tcp $HOME_NET any -> [91.207.181.106] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.207.181.106/; sid:900607361; rev:1;) alert tcp $HOME_NET any -> [102.177.192.60] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.177.192.60/; sid:900607362; rev:1;) alert tcp $HOME_NET any -> [197.89.12.237] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.12.237/; sid:900607363; rev:1;) alert tcp $HOME_NET any -> [162.33.178.148] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.148/; sid:900607364; rev:1;) alert tcp $HOME_NET any -> [162.33.177.216] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.216/; sid:900607365; rev:1;) alert tcp $HOME_NET any -> [162.33.179.50] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.50/; sid:900607366; rev:1;) alert tcp $HOME_NET any -> [162.33.178.97] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.97/; sid:900607367; rev:1;) alert tcp $HOME_NET any -> [186.64.87.195] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.87.195/; sid:900607369; rev:1;) alert tcp $HOME_NET any -> [162.33.177.179] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.179/; sid:900607370; rev:1;) alert tcp $HOME_NET any -> [86.190.203.103] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.190.203.103/; sid:900607371; rev:1;) alert tcp $HOME_NET any -> [186.250.48.117] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.250.48.117/; sid:900607372; rev:1;) alert tcp $HOME_NET any -> [92.240.254.110] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.240.254.110/; sid:900607373; rev:1;) alert tcp $HOME_NET any -> [103.47.60.57] 5228 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.47.60.57/; sid:900607376; rev:1;) alert tcp $HOME_NET any -> [86.49.161.18] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.49.161.18/; sid:900607377; rev:1;) alert tcp $HOME_NET any -> [83.138.53.138] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.138.53.138/; sid:900607378; rev:1;) alert tcp $HOME_NET any -> [162.33.178.30] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.30/; sid:900607379; rev:1;) alert tcp $HOME_NET any -> [151.106.39.36] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.106.39.36/; sid:900607380; rev:1;) alert tcp $HOME_NET any -> [172.105.78.60] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.78.60/; sid:900607381; rev:1;) alert tcp $HOME_NET any -> [23.246.204.126] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.246.204.126/; sid:900607382; rev:1;) alert tcp $HOME_NET any -> [103.124.144.123] 6891 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.124.144.123/; sid:900607383; rev:1;) alert tcp $HOME_NET any -> [94.177.218.33] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.218.33/; sid:900607391; rev:1;) alert tcp $HOME_NET any -> [176.31.163.17] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.31.163.17/; sid:900607392; rev:1;) alert tcp $HOME_NET any -> [131.100.24.199] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.199/; sid:900607393; rev:1;) alert tcp $HOME_NET any -> [88.234.147.66] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.234.147.66/; sid:900607394; rev:1;) alert tcp $HOME_NET any -> [186.64.87.197] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.87.197/; sid:900607396; rev:1;) alert tcp $HOME_NET any -> [102.65.38.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.65.38.67/; sid:900607397; rev:1;) alert tcp $HOME_NET any -> [87.120.37.64] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.37.64/; sid:900607399; rev:1;) alert tcp $HOME_NET any -> [87.120.37.71] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.37.71/; sid:900607400; rev:1;) alert tcp $HOME_NET any -> [87.121.52.195] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.195/; sid:900607401; rev:1;) alert tcp $HOME_NET any -> [87.120.8.46] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.46/; sid:900607402; rev:1;) alert tcp $HOME_NET any -> [162.33.178.33] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.33/; sid:900607403; rev:1;) alert tcp $HOME_NET any -> [162.33.179.47] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.47/; sid:900607404; rev:1;) alert tcp $HOME_NET any -> [85.114.130.154] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.114.130.154/; sid:900607405; rev:1;) alert tcp $HOME_NET any -> [195.231.9.119] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.231.9.119/; sid:900607406; rev:1;) alert tcp $HOME_NET any -> [69.16.218.101] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.16.218.101/; sid:900607407; rev:1;) alert tcp $HOME_NET any -> [159.89.195.36] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.89.195.36/; sid:900607408; rev:1;) alert tcp $HOME_NET any -> [73.5.119.219] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.5.119.219/; sid:900607409; rev:1;) alert tcp $HOME_NET any -> [197.89.144.130] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.144.130/; sid:900607410; rev:1;) alert tcp $HOME_NET any -> [190.152.125.75] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.152.125.75/; sid:900607411; rev:1;) alert tcp $HOME_NET any -> [168.121.97.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.121.97.34/; sid:900607412; rev:1;) alert tcp $HOME_NET any -> [45.229.162.233] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.229.162.233/; sid:900607413; rev:1;) alert tcp $HOME_NET any -> [186.159.4.217] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.159.4.217/; sid:900607415; rev:1;) alert tcp $HOME_NET any -> [186.97.201.66] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.97.201.66/; sid:900607416; rev:1;) alert tcp $HOME_NET any -> [200.233.192.111] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.233.192.111/; sid:900607417; rev:1;) alert tcp $HOME_NET any -> [81.190.193.197] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.190.193.197/; sid:900607418; rev:1;) alert tcp $HOME_NET any -> [181.205.41.42] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.205.41.42/; sid:900607419; rev:1;) alert tcp $HOME_NET any -> [181.113.63.86] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.113.63.86/; sid:900607420; rev:1;) alert tcp $HOME_NET any -> [177.52.26.233] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.52.26.233/; sid:900607421; rev:1;) alert tcp $HOME_NET any -> [181.129.251.109] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.251.109/; sid:900607422; rev:1;) alert tcp $HOME_NET any -> [181.196.148.42] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.196.148.42/; sid:900607423; rev:1;) alert tcp $HOME_NET any -> [168.195.167.130] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.195.167.130/; sid:900607424; rev:1;) alert tcp $HOME_NET any -> [190.110.222.109] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.110.222.109/; sid:900607425; rev:1;) alert tcp $HOME_NET any -> [45.65.249.154] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.65.249.154/; sid:900607426; rev:1;) alert tcp $HOME_NET any -> [103.238.228.115] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.238.228.115/; sid:900607427; rev:1;) alert tcp $HOME_NET any -> [31.215.98.160] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.98.160/; sid:900607428; rev:1;) alert tcp $HOME_NET any -> [131.72.127.126] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.72.127.126/; sid:900607429; rev:1;) alert tcp $HOME_NET any -> [188.234.115.35] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.234.115.35/; sid:900607430; rev:1;) alert tcp $HOME_NET any -> [191.103.252.193] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.103.252.193/; sid:900607431; rev:1;) alert tcp $HOME_NET any -> [31.13.195.71] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.71/; sid:900607432; rev:1;) alert tcp $HOME_NET any -> [162.33.177.154] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.154/; sid:900607433; rev:1;) alert tcp $HOME_NET any -> [31.13.195.85] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.85/; sid:900607434; rev:1;) alert tcp $HOME_NET any -> [87.120.37.76] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.37.76/; sid:900607435; rev:1;) alert tcp $HOME_NET any -> [181.129.85.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.85.98/; sid:900607436; rev:1;) alert tcp $HOME_NET any -> [189.112.119.205] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.112.119.205/; sid:900607437; rev:1;) alert tcp $HOME_NET any -> [213.32.252.221] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.32.252.221/; sid:900607438; rev:1;) alert tcp $HOME_NET any -> [189.51.118.78] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.51.118.78/; sid:900607439; rev:1;) alert tcp $HOME_NET any -> [95.140.217.242] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.140.217.242/; sid:900607440; rev:1;) alert tcp $HOME_NET any -> [186.121.214.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.121.214.106/; sid:900607441; rev:1;) alert tcp $HOME_NET any -> [103.108.97.51] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.108.97.51/; sid:900607442; rev:1;) alert tcp $HOME_NET any -> [190.109.169.161] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.109.169.161/; sid:900607443; rev:1;) alert tcp $HOME_NET any -> [103.36.79.3] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.36.79.3/; sid:900607444; rev:1;) alert tcp $HOME_NET any -> [41.175.22.226] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.175.22.226/; sid:900607445; rev:1;) alert tcp $HOME_NET any -> [49.176.188.184] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.176.188.184/; sid:900607446; rev:1;) alert tcp $HOME_NET any -> [61.69.102.170] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.69.102.170/; sid:900607447; rev:1;) alert tcp $HOME_NET any -> [181.196.148.202] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.196.148.202/; sid:900607448; rev:1;) alert tcp $HOME_NET any -> [186.47.75.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.47.75.58/; sid:900607449; rev:1;) alert tcp $HOME_NET any -> [190.109.171.17] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.109.171.17/; sid:900607450; rev:1;) alert tcp $HOME_NET any -> [186.42.212.30] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.42.212.30/; sid:900607451; rev:1;) alert tcp $HOME_NET any -> [186.159.12.18] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.159.12.18/; sid:900607452; rev:1;) alert tcp $HOME_NET any -> [187.108.32.133] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.108.32.133/; sid:900607453; rev:1;) alert tcp $HOME_NET any -> [201.184.226.74] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.184.226.74/; sid:900607454; rev:1;) alert tcp $HOME_NET any -> [190.214.21.14] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.214.21.14/; sid:900607455; rev:1;) alert tcp $HOME_NET any -> [186.159.5.177] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.159.5.177/; sid:900607456; rev:1;) alert tcp $HOME_NET any -> [187.95.113.110] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.95.113.110/; sid:900607457; rev:1;) alert tcp $HOME_NET any -> [83.146.71.242] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.146.71.242/; sid:900607458; rev:1;) alert tcp $HOME_NET any -> [186.159.16.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.159.16.58/; sid:900607459; rev:1;) alert tcp $HOME_NET any -> [152.156.122.10] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.156.122.10/; sid:900607460; rev:1;) alert tcp $HOME_NET any -> [200.105.199.234] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.105.199.234/; sid:900607461; rev:1;) alert tcp $HOME_NET any -> [186.71.134.62] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.134.62/; sid:900607462; rev:1;) alert tcp $HOME_NET any -> [186.194.119.205] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.194.119.205/; sid:900607463; rev:1;) alert tcp $HOME_NET any -> [182.253.100.150] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.253.100.150/; sid:900607464; rev:1;) alert tcp $HOME_NET any -> [181.49.135.242] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.49.135.242/; sid:900607465; rev:1;) alert tcp $HOME_NET any -> [186.235.250.230] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.235.250.230/; sid:900607466; rev:1;) alert tcp $HOME_NET any -> [87.120.8.87] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.87/; sid:900607467; rev:1;) alert tcp $HOME_NET any -> [31.13.195.125] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.125/; sid:900607468; rev:1;) alert tcp $HOME_NET any -> [87.120.37.179] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.37.179/; sid:900607469; rev:1;) alert tcp $HOME_NET any -> [190.248.146.170] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.248.146.170/; sid:900607470; rev:1;) alert tcp $HOME_NET any -> [78.191.12.29] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.12.29/; sid:900607471; rev:1;) alert tcp $HOME_NET any -> [39.49.44.85] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.44.85/; sid:900607472; rev:1;) alert tcp $HOME_NET any -> [177.52.221.73] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.52.221.73/; sid:900607473; rev:1;) alert tcp $HOME_NET any -> [87.120.254.21] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.21/; sid:900607474; rev:1;) alert tcp $HOME_NET any -> [87.120.254.33] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.33/; sid:900607475; rev:1;) alert tcp $HOME_NET any -> [87.120.8.179] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.179/; sid:900607476; rev:1;) alert tcp $HOME_NET any -> [87.120.254.75] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.75/; sid:900607477; rev:1;) alert tcp $HOME_NET any -> [87.121.52.124] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.124/; sid:900607478; rev:1;) alert tcp $HOME_NET any -> [139.59.56.73] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.56.73/; sid:900607479; rev:1;) alert tcp $HOME_NET any -> [189.126.72.249] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.126.72.249/; sid:900607480; rev:1;) alert tcp $HOME_NET any -> [138.36.1.137] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.36.1.137/; sid:900607481; rev:1;) alert tcp $HOME_NET any -> [94.136.143.124] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.136.143.124/; sid:900607482; rev:1;) alert tcp $HOME_NET any -> [82.160.88.100] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.160.88.100/; sid:900607483; rev:1;) alert tcp $HOME_NET any -> [158.140.143.54] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.140.143.54/; sid:900607484; rev:1;) alert tcp $HOME_NET any -> [109.196.148.123] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.196.148.123/; sid:900607485; rev:1;) alert tcp $HOME_NET any -> [87.120.254.112] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.112/; sid:900607486; rev:1;) alert tcp $HOME_NET any -> [87.120.8.248] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.248/; sid:900607487; rev:1;) alert tcp $HOME_NET any -> [87.120.8.198] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.198/; sid:900607488; rev:1;) alert tcp $HOME_NET any -> [87.121.52.248] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.248/; sid:900607489; rev:1;) alert tcp $HOME_NET any -> [180.214.246.226] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.214.246.226/; sid:900607490; rev:1;) alert tcp $HOME_NET any -> [91.92.109.141] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.141/; sid:900607491; rev:1;) alert tcp $HOME_NET any -> [39.49.21.132] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.21.132/; sid:900607493; rev:1;) alert tcp $HOME_NET any -> [186.64.87.213] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.87.213/; sid:900607494; rev:1;) alert tcp $HOME_NET any -> [188.40.48.93] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.40.48.93/; sid:900607495; rev:1;) alert tcp $HOME_NET any -> [104.36.167.47] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.36.167.47/; sid:900607496; rev:1;) alert tcp $HOME_NET any -> [217.160.5.104] 593 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.5.104/; sid:900607497; rev:1;) alert tcp $HOME_NET any -> [78.180.163.25] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.180.163.25/; sid:900607498; rev:1;) alert tcp $HOME_NET any -> [185.183.98.39] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.98.39/; sid:900607499; rev:1;) alert tcp $HOME_NET any -> [87.120.8.129] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.129/; sid:900607500; rev:1;) alert tcp $HOME_NET any -> [87.120.8.163] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.163/; sid:900607501; rev:1;) alert tcp $HOME_NET any -> [94.140.112.185] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.140.112.185/; sid:900607502; rev:1;) alert tcp $HOME_NET any -> [194.15.112.35] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.15.112.35/; sid:900607504; rev:1;) alert tcp $HOME_NET any -> [39.49.104.126] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.104.126/; sid:900607505; rev:1;) alert tcp $HOME_NET any -> [1.234.65.61] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.234.65.61/; sid:900607506; rev:1;) alert tcp $HOME_NET any -> [87.120.8.99] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.99/; sid:900607507; rev:1;) alert tcp $HOME_NET any -> [31.13.195.189] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.189/; sid:900607508; rev:1;) alert tcp $HOME_NET any -> [176.24.150.197] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.24.150.197/; sid:900607510; rev:1;) alert tcp $HOME_NET any -> [134.209.247.135] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.247.135/; sid:900607511; rev:1;) alert tcp $HOME_NET any -> [89.31.56.58] 593 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.31.56.58/; sid:900607512; rev:1;) alert tcp $HOME_NET any -> [194.233.68.48] 5228 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.233.68.48/; sid:900607513; rev:1;) alert tcp $HOME_NET any -> [86.97.9.219] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.9.219/; sid:900607514; rev:1;) alert tcp $HOME_NET any -> [170.78.0.135] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.78.0.135/; sid:900607515; rev:1;) alert tcp $HOME_NET any -> [94.140.113.0] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.140.113.0/; sid:900607516; rev:1;) alert tcp $HOME_NET any -> [103.124.106.174] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.124.106.174/; sid:900607517; rev:1;) alert tcp $HOME_NET any -> [94.200.181.154] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.200.181.154/; sid:900607518; rev:1;) alert tcp $HOME_NET any -> [144.91.122.94] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.122.94/; sid:900607519; rev:1;) alert tcp $HOME_NET any -> [167.99.141.108] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.99.141.108/; sid:900607520; rev:1;) alert tcp $HOME_NET any -> [37.59.74.180] 593 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.59.74.180/; sid:900607521; rev:1;) alert tcp $HOME_NET any -> [194.9.172.107] 9217 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.9.172.107/; sid:900607522; rev:1;) alert tcp $HOME_NET any -> [50.238.6.36] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.238.6.36/; sid:900607523; rev:1;) alert tcp $HOME_NET any -> [24.95.61.62] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.95.61.62/; sid:900607524; rev:1;) alert tcp $HOME_NET any -> [32.221.229.7] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.221.229.7/; sid:900607525; rev:1;) alert tcp $HOME_NET any -> [5.54.35.115] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.54.35.115/; sid:900607526; rev:1;) alert tcp $HOME_NET any -> [75.110.250.187] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.110.250.187/; sid:900607527; rev:1;) alert tcp $HOME_NET any -> [63.153.187.104] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.153.187.104/; sid:900607528; rev:1;) alert tcp $HOME_NET any -> [24.53.49.240] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.53.49.240/; sid:900607529; rev:1;) alert tcp $HOME_NET any -> [114.79.148.170] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.148.170/; sid:900607530; rev:1;) alert tcp $HOME_NET any -> [78.101.82.198] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.82.198/; sid:900607531; rev:1;) alert tcp $HOME_NET any -> [74.15.2.252] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.15.2.252/; sid:900607532; rev:1;) alert tcp $HOME_NET any -> [217.128.93.27] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.128.93.27/; sid:900607533; rev:1;) alert tcp $HOME_NET any -> [24.178.196.158] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.178.196.158/; sid:900607534; rev:1;) alert tcp $HOME_NET any -> [96.80.109.57] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.80.109.57/; sid:900607535; rev:1;) alert tcp $HOME_NET any -> [149.135.101.20] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.135.101.20/; sid:900607536; rev:1;) alert tcp $HOME_NET any -> [217.165.123.47] 61200 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.123.47/; sid:900607537; rev:1;) alert tcp $HOME_NET any -> [209.210.95.228] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.210.95.228/; sid:900607538; rev:1;) alert tcp $HOME_NET any -> [80.14.196.176] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.14.196.176/; sid:900607539; rev:1;) alert tcp $HOME_NET any -> [67.209.195.198] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.209.195.198/; sid:900607540; rev:1;) alert tcp $HOME_NET any -> [78.101.82.198] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.82.198/; sid:900607541; rev:1;) alert tcp $HOME_NET any -> [24.222.20.254] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.222.20.254/; sid:900607542; rev:1;) alert tcp $HOME_NET any -> [86.98.53.83] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.53.83/; sid:900607543; rev:1;) alert tcp $HOME_NET any -> [76.169.147.192] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.169.147.192/; sid:900607544; rev:1;) alert tcp $HOME_NET any -> [23.233.146.92] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.233.146.92/; sid:900607545; rev:1;) alert tcp $HOME_NET any -> [70.51.134.181] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.134.181/; sid:900607546; rev:1;) alert tcp $HOME_NET any -> [187.189.86.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.189.86.168/; sid:900607547; rev:1;) alert tcp $HOME_NET any -> [65.128.36.247] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.128.36.247/; sid:900607548; rev:1;) alert tcp $HOME_NET any -> [106.51.48.170] 50001 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.51.48.170/; sid:900607549; rev:1;) alert tcp $HOME_NET any -> [182.191.92.203] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.191.92.203/; sid:900607550; rev:1;) alert tcp $HOME_NET any -> [111.125.245.116] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.125.245.116/; sid:900607551; rev:1;) alert tcp $HOME_NET any -> [114.79.145.28] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.145.28/; sid:900607552; rev:1;) alert tcp $HOME_NET any -> [194.29.101.118] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.29.101.118/; sid:900607554; rev:1;) alert tcp $HOME_NET any -> [87.121.52.177] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.177/; sid:900607555; rev:1;) alert tcp $HOME_NET any -> [87.120.8.91] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.91/; sid:900607556; rev:1;) alert tcp $HOME_NET any -> [59.6.7.83] 61200 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.6.7.83/; sid:900607557; rev:1;) alert tcp $HOME_NET any -> [82.152.39.39] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.152.39.39/; sid:900607558; rev:1;) alert tcp $HOME_NET any -> [70.163.1.219] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.163.1.219/; sid:900607559; rev:1;) alert tcp $HOME_NET any -> [95.5.133.68] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.5.133.68/; sid:900607560; rev:1;) alert tcp $HOME_NET any -> [78.101.82.198] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.82.198/; sid:900607561; rev:1;) alert tcp $HOME_NET any -> [37.211.157.100] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.211.157.100/; sid:900607562; rev:1;) alert tcp $HOME_NET any -> [79.167.192.206] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.167.192.206/; sid:900607563; rev:1;) alert tcp $HOME_NET any -> [103.143.8.71] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.143.8.71/; sid:900607564; rev:1;) alert tcp $HOME_NET any -> [217.164.247.241] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.247.241/; sid:900607565; rev:1;) alert tcp $HOME_NET any -> [39.49.27.10] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.27.10/; sid:900607566; rev:1;) alert tcp $HOME_NET any -> [14.96.79.22] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.96.79.22/; sid:900607567; rev:1;) alert tcp $HOME_NET any -> [31.215.99.73] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.99.73/; sid:900607568; rev:1;) alert tcp $HOME_NET any -> [190.39.205.165] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.39.205.165/; sid:900607569; rev:1;) alert tcp $HOME_NET any -> [40.134.247.125] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.134.247.125/; sid:900607570; rev:1;) alert tcp $HOME_NET any -> [50.237.134.22] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.237.134.22/; sid:900607571; rev:1;) alert tcp $HOME_NET any -> [144.91.122.100] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.122.100/; sid:900607572; rev:1;) alert tcp $HOME_NET any -> [188.214.241.242] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.214.241.242/; sid:900607573; rev:1;) alert tcp $HOME_NET any -> [173.71.147.134] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.71.147.134/; sid:900607574; rev:1;) alert tcp $HOME_NET any -> [213.120.26.24] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.120.26.24/; sid:900607575; rev:1;) alert tcp $HOME_NET any -> [31.13.195.126] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.126/; sid:900607576; rev:1;) alert tcp $HOME_NET any -> [31.13.195.187] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.187/; sid:900607577; rev:1;) alert tcp $HOME_NET any -> [87.120.254.135] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.135/; sid:900607578; rev:1;) alert tcp $HOME_NET any -> [87.121.52.13] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.13/; sid:900607579; rev:1;) alert tcp $HOME_NET any -> [91.92.109.52] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.52/; sid:900607580; rev:1;) alert tcp $HOME_NET any -> [91.92.109.54] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.54/; sid:900607581; rev:1;) alert tcp $HOME_NET any -> [159.65.1.71] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.1.71/; sid:900607583; rev:1;) alert tcp $HOME_NET any -> [74.5.148.57] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.5.148.57/; sid:900607584; rev:1;) alert tcp $HOME_NET any -> [139.59.14.223] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.14.223/; sid:900607585; rev:1;) alert tcp $HOME_NET any -> [120.50.40.185] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.50.40.185/; sid:900607587; rev:1;) alert tcp $HOME_NET any -> [45.15.23.184] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.15.23.184/; sid:900607588; rev:1;) alert tcp $HOME_NET any -> [162.214.50.39] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.214.50.39/; sid:900607589; rev:1;) alert tcp $HOME_NET any -> [54.37.212.235] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.212.235/; sid:900607590; rev:1;) alert tcp $HOME_NET any -> [31.35.28.29] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.35.28.29/; sid:900607591; rev:1;) alert tcp $HOME_NET any -> [37.210.226.125] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.226.125/; sid:900607592; rev:1;) alert tcp $HOME_NET any -> [189.174.46.65] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.174.46.65/; sid:900607593; rev:1;) alert tcp $HOME_NET any -> [103.139.242.30] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.139.242.30/; sid:900607594; rev:1;) alert tcp $HOME_NET any -> [86.98.52.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.52.117/; sid:900607595; rev:1;) alert tcp $HOME_NET any -> [187.162.59.232] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.162.59.232/; sid:900607596; rev:1;) alert tcp $HOME_NET any -> [79.173.195.234] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.173.195.234/; sid:900607598; rev:1;) alert tcp $HOME_NET any -> [103.208.86.151] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.151/; sid:900607599; rev:1;) alert tcp $HOME_NET any -> [103.208.86.182] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.182/; sid:900607600; rev:1;) alert tcp $HOME_NET any -> [103.208.86.176] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.176/; sid:900607601; rev:1;) alert tcp $HOME_NET any -> [103.208.86.177] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.177/; sid:900607602; rev:1;) alert tcp $HOME_NET any -> [103.208.86.179] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.179/; sid:900607603; rev:1;) alert tcp $HOME_NET any -> [103.208.86.148] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.148/; sid:900607604; rev:1;) alert tcp $HOME_NET any -> [139.162.113.169] 593 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.113.169/; sid:900607605; rev:1;) alert tcp $HOME_NET any -> [144.91.122.102] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.122.102/; sid:900607606; rev:1;) alert tcp $HOME_NET any -> [85.10.248.28] 593 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.10.248.28/; sid:900607607; rev:1;) alert tcp $HOME_NET any -> [185.4.135.27] 5228 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.4.135.27/; sid:900607608; rev:1;) alert tcp $HOME_NET any -> [80.211.3.13] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.211.3.13/; sid:900607609; rev:1;) alert tcp $HOME_NET any -> [103.139.242.30] 990 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.139.242.30/; sid:900607610; rev:1;) alert tcp $HOME_NET any -> [31.215.70.105] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.70.105/; sid:900607611; rev:1;) alert tcp $HOME_NET any -> [178.153.86.181] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.153.86.181/; sid:900607612; rev:1;) alert tcp $HOME_NET any -> [51.38.71.0] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.38.71.0/; sid:900607613; rev:1;) alert tcp $HOME_NET any -> [144.217.91.150] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.91.150/; sid:900607614; rev:1;) alert tcp $HOME_NET any -> [104.168.155.129] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.155.129/; sid:900607615; rev:1;) alert tcp $HOME_NET any -> [121.175.104.13] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.175.104.13/; sid:900607616; rev:1;) alert tcp $HOME_NET any -> [103.139.242.30] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.139.242.30/; sid:900607617; rev:1;) alert tcp $HOME_NET any -> [217.39.100.89] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.39.100.89/; sid:900607618; rev:1;) alert tcp $HOME_NET any -> [94.62.161.77] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.62.161.77/; sid:900607619; rev:1;) alert tcp $HOME_NET any -> [83.110.91.18] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.91.18/; sid:900607620; rev:1;) alert tcp $HOME_NET any -> [86.97.9.221] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.9.221/; sid:900607621; rev:1;) alert tcp $HOME_NET any -> [78.180.66.163] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.180.66.163/; sid:900607622; rev:1;) alert tcp $HOME_NET any -> [69.14.172.24] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.14.172.24/; sid:900607623; rev:1;) alert tcp $HOME_NET any -> [54.37.70.105] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.70.105/; sid:900607624; rev:1;) alert tcp $HOME_NET any -> [23.253.208.162] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.253.208.162/; sid:900607625; rev:1;) alert tcp $HOME_NET any -> [31.215.215.152] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.215.152/; sid:900607627; rev:1;) alert tcp $HOME_NET any -> [103.139.242.30] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.139.242.30/; sid:900607628; rev:1;) alert tcp $HOME_NET any -> [5.181.156.16] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.181.156.16/; sid:900607629; rev:1;) alert tcp $HOME_NET any -> [31.13.195.133] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.133/; sid:900607630; rev:1;) alert tcp $HOME_NET any -> [31.13.195.107] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.107/; sid:900607631; rev:1;) alert tcp $HOME_NET any -> [87.120.8.185] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.185/; sid:900607632; rev:1;) alert tcp $HOME_NET any -> [103.70.29.165] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.70.29.165/; sid:900607634; rev:1;) alert tcp $HOME_NET any -> [88.253.171.236] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.253.171.236/; sid:900607635; rev:1;) alert tcp $HOME_NET any -> [194.36.28.238] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.28.238/; sid:900607636; rev:1;) alert tcp $HOME_NET any -> [91.201.202.216] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.201.202.216/; sid:900607637; rev:1;) alert tcp $HOME_NET any -> [192.119.93.26] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.93.26/; sid:900607638; rev:1;) alert tcp $HOME_NET any -> [103.124.107.109] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.124.107.109/; sid:900607639; rev:1;) alert tcp $HOME_NET any -> [72.252.201.34] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.201.34/; sid:900607640; rev:1;) alert tcp $HOME_NET any -> [176.67.56.94] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.67.56.94/; sid:900607641; rev:1;) alert tcp $HOME_NET any -> [5.32.41.46] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.32.41.46/; sid:900607642; rev:1;) alert tcp $HOME_NET any -> [180.233.150.134] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.233.150.134/; sid:900607643; rev:1;) alert tcp $HOME_NET any -> [218.253.234.82] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.253.234.82/; sid:900607644; rev:1;) alert tcp $HOME_NET any -> [75.156.151.34] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.156.151.34/; sid:900607645; rev:1;) alert tcp $HOME_NET any -> [190.45.79.111] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.45.79.111/; sid:900607646; rev:1;) alert tcp $HOME_NET any -> [128.106.122.39] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.106.122.39/; sid:900607647; rev:1;) alert tcp $HOME_NET any -> [144.86.10.42] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.86.10.42/; sid:900607648; rev:1;) alert tcp $HOME_NET any -> [176.205.194.245] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.205.194.245/; sid:900607649; rev:1;) alert tcp $HOME_NET any -> [149.200.165.116] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.200.165.116/; sid:900607650; rev:1;) alert tcp $HOME_NET any -> [86.144.217.66] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.144.217.66/; sid:900607651; rev:1;) alert tcp $HOME_NET any -> [70.51.153.90] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.153.90/; sid:900607652; rev:1;) alert tcp $HOME_NET any -> [103.116.178.85] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.116.178.85/; sid:900607654; rev:1;) alert tcp $HOME_NET any -> [176.205.209.183] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.205.209.183/; sid:900607655; rev:1;) alert tcp $HOME_NET any -> [91.121.146.47] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.121.146.47/; sid:900607656; rev:1;) alert tcp $HOME_NET any -> [103.70.29.126] 593 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.70.29.126/; sid:900607657; rev:1;) alert tcp $HOME_NET any -> [103.9.36.172] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.9.36.172/; sid:900607658; rev:1;) alert tcp $HOME_NET any -> [103.139.242.30] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.139.242.30/; sid:900607659; rev:1;) alert tcp $HOME_NET any -> [46.101.175.170] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.175.170/; sid:900607660; rev:1;) alert tcp $HOME_NET any -> [72.66.116.235] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.66.116.235/; sid:900607661; rev:1;) alert tcp $HOME_NET any -> [139.99.30.176] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.99.30.176/; sid:900607665; rev:1;) alert tcp $HOME_NET any -> [82.98.180.154] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.98.180.154/; sid:900607666; rev:1;) alert tcp $HOME_NET any -> [103.208.86.228] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.228/; sid:900607667; rev:1;) alert tcp $HOME_NET any -> [103.208.86.233] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.233/; sid:900607668; rev:1;) alert tcp $HOME_NET any -> [209.59.138.75] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.59.138.75/; sid:900607669; rev:1;) alert tcp $HOME_NET any -> [131.100.24.231] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.231/; sid:900607670; rev:1;) alert tcp $HOME_NET any -> [45.138.98.34] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.138.98.34/; sid:900607673; rev:1;) alert tcp $HOME_NET any -> [69.16.218.101] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.16.218.101/; sid:900607674; rev:1;) alert tcp $HOME_NET any -> [5.181.80.108] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.181.80.108/; sid:900607675; rev:1;) alert tcp $HOME_NET any -> [94.140.115.3] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.140.115.3/; sid:900607676; rev:1;) alert tcp $HOME_NET any -> [45.15.131.126] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.15.131.126/; sid:900607677; rev:1;) alert tcp $HOME_NET any -> [193.169.86.84] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.169.86.84/; sid:900607679; rev:1;) alert tcp $HOME_NET any -> [45.41.204.150] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.41.204.150/; sid:900607680; rev:1;) alert tcp $HOME_NET any -> [148.163.42.203] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.163.42.203/; sid:900607681; rev:1;) alert tcp $HOME_NET any -> [185.163.45.132] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.163.45.132/; sid:900607683; rev:1;) alert tcp $HOME_NET any -> [87.121.52.231] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.231/; sid:900607685; rev:1;) alert tcp $HOME_NET any -> [200.75.131.234] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.75.131.234/; sid:900607686; rev:1;) alert tcp $HOME_NET any -> [144.217.88.125] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.88.125/; sid:900607687; rev:1;) alert tcp $HOME_NET any -> [5.39.63.103] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.39.63.103/; sid:900607690; rev:1;) alert tcp $HOME_NET any -> [5.181.80.177] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.181.80.177/; sid:900607691; rev:1;) alert tcp $HOME_NET any -> [80.71.158.22] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.71.158.22/; sid:900607692; rev:1;) alert tcp $HOME_NET any -> [94.140.113.53] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.140.113.53/; sid:900607693; rev:1;) alert tcp $HOME_NET any -> [23.160.193.119] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.193.119/; sid:900607694; rev:1;) alert tcp $HOME_NET any -> [144.217.50.242] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.50.242/; sid:900607695; rev:1;) alert tcp $HOME_NET any -> [142.11.237.178] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.237.178/; sid:900607697; rev:1;) alert tcp $HOME_NET any -> [23.160.193.190] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.193.190/; sid:900607698; rev:1;) alert tcp $HOME_NET any -> [23.160.193.221] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.193.221/; sid:900607699; rev:1;) alert tcp $HOME_NET any -> [80.71.158.106] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.71.158.106/; sid:900607700; rev:1;) alert tcp $HOME_NET any -> [148.163.42.213] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.163.42.213/; sid:900607701; rev:1;) alert tcp $HOME_NET any -> [162.55.32.153] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.55.32.153/; sid:900607702; rev:1;) alert tcp $HOME_NET any -> [185.99.132.121] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.132.121/; sid:900607703; rev:1;) alert tcp $HOME_NET any -> [185.183.96.244] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.96.244/; sid:900607704; rev:1;) alert tcp $HOME_NET any -> [188.127.235.177] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.127.235.177/; sid:900607705; rev:1;) alert tcp $HOME_NET any -> [194.15.113.155] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.15.113.155/; sid:900607706; rev:1;) alert tcp $HOME_NET any -> [104.143.94.101] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.143.94.101/; sid:900607707; rev:1;) alert tcp $HOME_NET any -> [103.208.86.245] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.245/; sid:900607708; rev:1;) alert tcp $HOME_NET any -> [37.203.225.248] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.203.225.248/; sid:900607709; rev:1;) alert tcp $HOME_NET any -> [32.221.231.1] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.221.231.1/; sid:900607710; rev:1;) alert tcp $HOME_NET any -> [83.110.2.97] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.2.97/; sid:900607711; rev:1;) alert tcp $HOME_NET any -> [86.98.32.228] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.32.228/; sid:900607712; rev:1;) alert tcp $HOME_NET any -> [130.164.129.3] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.164.129.3/; sid:900607713; rev:1;) alert tcp $HOME_NET any -> [31.167.160.170] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.167.160.170/; sid:900607714; rev:1;) alert tcp $HOME_NET any -> [75.139.7.190] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.139.7.190/; sid:900607715; rev:1;) alert tcp $HOME_NET any -> [89.114.156.182] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.114.156.182/; sid:900607716; rev:1;) alert tcp $HOME_NET any -> [86.98.47.119] 61200 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.47.119/; sid:900607717; rev:1;) alert tcp $HOME_NET any -> [185.249.85.209] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.249.85.209/; sid:900607718; rev:1;) alert tcp $HOME_NET any -> [94.59.253.222] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.253.222/; sid:900607719; rev:1;) alert tcp $HOME_NET any -> [78.101.147.76] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.147.76/; sid:900607720; rev:1;) alert tcp $HOME_NET any -> [37.210.172.200] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.172.200/; sid:900607721; rev:1;) alert tcp $HOME_NET any -> [31.215.99.178] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.99.178/; sid:900607722; rev:1;) alert tcp $HOME_NET any -> [39.49.110.129] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.110.129/; sid:900607723; rev:1;) alert tcp $HOME_NET any -> [86.97.246.244] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.246.244/; sid:900607724; rev:1;) alert tcp $HOME_NET any -> [86.97.246.244] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.246.244/; sid:900607725; rev:1;) alert tcp $HOME_NET any -> [70.51.153.245] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.153.245/; sid:900607726; rev:1;) alert tcp $HOME_NET any -> [70.45.174.173] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.45.174.173/; sid:900607727; rev:1;) alert tcp $HOME_NET any -> [31.215.69.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.69.82/; sid:900607728; rev:1;) alert tcp $HOME_NET any -> [45.80.148.200] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.80.148.200/; sid:900607729; rev:1;) alert tcp $HOME_NET any -> [80.211.3.13] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.211.3.13/; sid:900607730; rev:1;) alert tcp $HOME_NET any -> [162.243.175.63] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.243.175.63/; sid:900607731; rev:1;) alert tcp $HOME_NET any -> [78.87.44.54] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.87.44.54/; sid:900607732; rev:1;) alert tcp $HOME_NET any -> [220.255.25.1] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.255.25.1/; sid:900607734; rev:1;) alert tcp $HOME_NET any -> [60.54.102.15] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.54.102.15/; sid:900607735; rev:1;) alert tcp $HOME_NET any -> [144.86.28.125] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.86.28.125/; sid:900607736; rev:1;) alert tcp $HOME_NET any -> [197.89.105.165] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.105.165/; sid:900607737; rev:1;) alert tcp $HOME_NET any -> [92.99.167.144] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.99.167.144/; sid:900607738; rev:1;) alert tcp $HOME_NET any -> [186.64.87.207] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.87.207/; sid:900607739; rev:1;) alert tcp $HOME_NET any -> [27.5.4.194] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.5.4.194/; sid:900607740; rev:1;) alert tcp $HOME_NET any -> [51.77.82.125] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.82.125/; sid:900607741; rev:1;) alert tcp $HOME_NET any -> [69.197.160.180] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.197.160.180/; sid:900607742; rev:1;) alert tcp $HOME_NET any -> [217.128.171.34] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.128.171.34/; sid:900607743; rev:1;) alert tcp $HOME_NET any -> [31.215.68.214] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.68.214/; sid:900607744; rev:1;) alert tcp $HOME_NET any -> [75.139.6.238] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.139.6.238/; sid:900607745; rev:1;) alert tcp $HOME_NET any -> [129.208.24.13] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.24.13/; sid:900607746; rev:1;) alert tcp $HOME_NET any -> [89.211.212.28] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.212.28/; sid:900607747; rev:1;) alert tcp $HOME_NET any -> [37.210.224.4] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.224.4/; sid:900607748; rev:1;) alert tcp $HOME_NET any -> [39.49.49.175] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.49.175/; sid:900607749; rev:1;) alert tcp $HOME_NET any -> [70.50.147.95] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.50.147.95/; sid:900607750; rev:1;) alert tcp $HOME_NET any -> [41.226.30.6] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.226.30.6/; sid:900607751; rev:1;) alert tcp $HOME_NET any -> [162.243.16.232] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.243.16.232/; sid:900607752; rev:1;) alert tcp $HOME_NET any -> [104.236.168.190] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.168.190/; sid:900607753; rev:1;) alert tcp $HOME_NET any -> [210.2.86.96] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.2.86.96/; sid:900607754; rev:1;) alert tcp $HOME_NET any -> [190.206.211.182] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.206.211.182/; sid:900607755; rev:1;) alert tcp $HOME_NET any -> [78.96.235.245] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.96.235.245/; sid:900607756; rev:1;) alert tcp $HOME_NET any -> [185.244.166.137] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.166.137/; sid:900607757; rev:1;) alert tcp $HOME_NET any -> [85.25.120.45] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.25.120.45/; sid:900607758; rev:1;) alert tcp $HOME_NET any -> [185.168.130.138] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.168.130.138/; sid:900607759; rev:1;) alert tcp $HOME_NET any -> [59.148.253.194] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.148.253.194/; sid:900607760; rev:1;) alert tcp $HOME_NET any -> [203.153.216.46] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.153.216.46/; sid:900607761; rev:1;) alert tcp $HOME_NET any -> [75.168.192.223] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.168.192.223/; sid:900607762; rev:1;) alert tcp $HOME_NET any -> [113.28.253.9] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.28.253.9/; sid:900607763; rev:1;) alert tcp $HOME_NET any -> [73.59.201.174] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.59.201.174/; sid:900607764; rev:1;) alert tcp $HOME_NET any -> [39.44.254.218] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.254.218/; sid:900607765; rev:1;) alert tcp $HOME_NET any -> [5.181.156.53] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.181.156.53/; sid:900607766; rev:1;) alert tcp $HOME_NET any -> [87.120.37.114] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.37.114/; sid:900607767; rev:1;) alert tcp $HOME_NET any -> [94.140.115.130] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.140.115.130/; sid:900607768; rev:1;) alert tcp $HOME_NET any -> [103.114.163.175] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.114.163.175/; sid:900607769; rev:1;) alert tcp $HOME_NET any -> [165.227.114.118] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.114.118/; sid:900607770; rev:1;) alert tcp $HOME_NET any -> [87.106.97.83] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.97.83/; sid:900607771; rev:1;) alert tcp $HOME_NET any -> [80.71.158.109] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.71.158.109/; sid:900607772; rev:1;) alert tcp $HOME_NET any -> [89.32.148.223] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.148.223/; sid:900607773; rev:1;) alert tcp $HOME_NET any -> [188.40.137.206] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.40.137.206/; sid:900607774; rev:1;) alert tcp $HOME_NET any -> [159.69.43.124] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.69.43.124/; sid:900607775; rev:1;) alert tcp $HOME_NET any -> [45.79.80.198] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.80.198/; sid:900607776; rev:1;) alert tcp $HOME_NET any -> [45.13.132.26] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.13.132.26/; sid:900607777; rev:1;) alert tcp $HOME_NET any -> [23.160.193.16] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.193.16/; sid:900607778; rev:1;) alert tcp $HOME_NET any -> [23.160.193.12] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.193.12/; sid:900607779; rev:1;) alert tcp $HOME_NET any -> [23.160.193.38] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.193.38/; sid:900607780; rev:1;) alert tcp $HOME_NET any -> [185.99.132.109] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.132.109/; sid:900607782; rev:1;) alert tcp $HOME_NET any -> [51.15.4.22] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.15.4.22/; sid:900607783; rev:1;) alert tcp $HOME_NET any -> [173.214.173.220] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.214.173.220/; sid:900607784; rev:1;) alert tcp $HOME_NET any -> [185.157.82.209] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.157.82.209/; sid:900607785; rev:1;) alert tcp $HOME_NET any -> [94.158.245.232] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.158.245.232/; sid:900607786; rev:1;) alert tcp $HOME_NET any -> [72.252.201.34] 990 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.201.34/; sid:900607787; rev:1;) alert tcp $HOME_NET any -> [46.101.126.21] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.126.21/; sid:900607788; rev:1;) alert tcp $HOME_NET any -> [217.61.108.175] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.61.108.175/; sid:900607789; rev:1;) alert tcp $HOME_NET any -> [74.63.218.139] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.63.218.139/; sid:900607790; rev:1;) alert tcp $HOME_NET any -> [181.57.137.115] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.57.137.115/; sid:900607791; rev:1;) alert tcp $HOME_NET any -> [62.141.45.103] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.141.45.103/; sid:900607792; rev:1;) alert tcp $HOME_NET any -> [159.65.163.220] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.163.220/; sid:900607793; rev:1;) alert tcp $HOME_NET any -> [162.144.76.184] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.76.184/; sid:900607794; rev:1;) alert tcp $HOME_NET any -> [128.199.93.156] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.93.156/; sid:900607795; rev:1;) alert tcp $HOME_NET any -> [160.16.102.168] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.16.102.168/; sid:900607796; rev:1;) alert tcp $HOME_NET any -> [159.89.230.105] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.89.230.105/; sid:900607797; rev:1;) alert tcp $HOME_NET any -> [198.199.98.78] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.98.78/; sid:900607798; rev:1;) alert tcp $HOME_NET any -> [139.196.72.155] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.196.72.155/; sid:900607799; rev:1;) alert tcp $HOME_NET any -> [74.207.230.120] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.207.230.120/; sid:900607800; rev:1;) alert tcp $HOME_NET any -> [72.249.22.245] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.249.22.245/; sid:900607801; rev:1;) alert tcp $HOME_NET any -> [51.68.138.110] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.138.110/; sid:900607802; rev:1;) alert tcp $HOME_NET any -> [73.136.32.202] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.136.32.202/; sid:900607803; rev:1;) alert tcp $HOME_NET any -> [5.39.63.98] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.39.63.98/; sid:900607804; rev:1;) alert tcp $HOME_NET any -> [45.14.226.23] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.14.226.23/; sid:900607805; rev:1;) alert tcp $HOME_NET any -> [144.217.50.254] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.50.254/; sid:900607806; rev:1;) alert tcp $HOME_NET any -> [146.19.253.90] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.253.90/; sid:900607807; rev:1;) alert tcp $HOME_NET any -> [185.163.45.201] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.163.45.201/; sid:900607808; rev:1;) alert tcp $HOME_NET any -> [185.163.45.173] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.163.45.173/; sid:900607809; rev:1;) alert tcp $HOME_NET any -> [194.40.243.33] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.40.243.33/; sid:900607810; rev:1;) alert tcp $HOME_NET any -> [194.38.20.33] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.38.20.33/; sid:900607811; rev:1;) alert tcp $HOME_NET any -> [194.180.174.138] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.180.174.138/; sid:900607812; rev:1;) alert tcp $HOME_NET any -> [138.197.64.211] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.64.211/; sid:900607813; rev:1;) alert tcp $HOME_NET any -> [177.39.156.177] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.39.156.177/; sid:900607814; rev:1;) alert tcp $HOME_NET any -> [144.76.186.49] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.76.186.49/; sid:900607817; rev:1;) alert tcp $HOME_NET any -> [69.64.62.4] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.64.62.4/; sid:900607818; rev:1;) alert tcp $HOME_NET any -> [173.203.78.138] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.203.78.138/; sid:900607819; rev:1;) alert tcp $HOME_NET any -> [37.186.54.18] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.186.54.18/; sid:900607820; rev:1;) alert tcp $HOME_NET any -> [186.64.87.224] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.87.224/; sid:900607821; rev:1;) alert tcp $HOME_NET any -> [76.23.237.163] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.23.237.163/; sid:900607822; rev:1;) alert tcp $HOME_NET any -> [193.251.59.245] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.251.59.245/; sid:900607823; rev:1;) alert tcp $HOME_NET any -> [89.211.184.52] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.184.52/; sid:900607824; rev:1;) alert tcp $HOME_NET any -> [129.208.150.26] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.150.26/; sid:900607825; rev:1;) alert tcp $HOME_NET any -> [70.51.152.153] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.152.153/; sid:900607826; rev:1;) alert tcp $HOME_NET any -> [78.171.227.181] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.171.227.181/; sid:900607827; rev:1;) alert tcp $HOME_NET any -> [130.164.164.12] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.164.164.12/; sid:900607828; rev:1;) alert tcp $HOME_NET any -> [83.110.218.201] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.218.201/; sid:900607829; rev:1;) alert tcp $HOME_NET any -> [86.98.157.250] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.157.250/; sid:900607830; rev:1;) alert tcp $HOME_NET any -> [217.164.119.78] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.119.78/; sid:900607831; rev:1;) alert tcp $HOME_NET any -> [31.215.98.47] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.98.47/; sid:900607832; rev:1;) alert tcp $HOME_NET any -> [83.110.3.0] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.3.0/; sid:900607833; rev:1;) alert tcp $HOME_NET any -> [197.89.21.45] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.21.45/; sid:900607834; rev:1;) alert tcp $HOME_NET any -> [39.49.13.108] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.13.108/; sid:900607835; rev:1;) alert tcp $HOME_NET any -> [184.100.174.73] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.100.174.73/; sid:900607836; rev:1;) alert tcp $HOME_NET any -> [94.249.93.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.249.93.70/; sid:900607837; rev:1;) alert tcp $HOME_NET any -> [41.230.62.211] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.230.62.211/; sid:900607838; rev:1;) alert tcp $HOME_NET any -> [45.89.127.63] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.89.127.63/; sid:900607842; rev:1;) alert tcp $HOME_NET any -> [80.71.158.110] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.71.158.110/; sid:900607843; rev:1;) alert tcp $HOME_NET any -> [45.41.204.137] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.41.204.137/; sid:900607845; rev:1;) alert tcp $HOME_NET any -> [23.160.193.24] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.193.24/; sid:900607846; rev:1;) alert tcp $HOME_NET any -> [5.2.78.37] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.78.37/; sid:900607847; rev:1;) alert tcp $HOME_NET any -> [45.12.90.144] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.12.90.144/; sid:900607848; rev:1;) alert tcp $HOME_NET any -> [45.184.36.10] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.184.36.10/; sid:900607849; rev:1;) alert tcp $HOME_NET any -> [103.75.201.4] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.75.201.4/; sid:900607851; rev:1;) alert tcp $HOME_NET any -> [149.202.179.100] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.202.179.100/; sid:900607852; rev:1;) alert tcp $HOME_NET any -> [86.216.251.231] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.216.251.231/; sid:900607853; rev:1;) alert tcp $HOME_NET any -> [161.142.48.132] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.48.132/; sid:900607854; rev:1;) alert tcp $HOME_NET any -> [89.86.33.217] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.86.33.217/; sid:900607855; rev:1;) alert tcp $HOME_NET any -> [103.82.248.59] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.82.248.59/; sid:900607856; rev:1;) alert tcp $HOME_NET any -> [180.250.21.2] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.250.21.2/; sid:900607857; rev:1;) alert tcp $HOME_NET any -> [142.93.76.76] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.76.76/; sid:900607858; rev:1;) alert tcp $HOME_NET any -> [43.229.206.214] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.229.206.214/; sid:900607859; rev:1;) alert tcp $HOME_NET any -> [45.71.195.120] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.71.195.120/; sid:900607860; rev:1;) alert tcp $HOME_NET any -> [149.56.163.161] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.56.163.161/; sid:900607861; rev:1;) alert tcp $HOME_NET any -> [23.246.204.126] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.246.204.126/; sid:900607862; rev:1;) alert tcp $HOME_NET any -> [212.237.5.209] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.237.5.209/; sid:900607863; rev:1;) alert tcp $HOME_NET any -> [185.184.25.78] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.184.25.78/; sid:900607864; rev:1;) alert tcp $HOME_NET any -> [54.37.106.167] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.106.167/; sid:900607865; rev:1;) alert tcp $HOME_NET any -> [172.105.115.71] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.115.71/; sid:900607866; rev:1;) alert tcp $HOME_NET any -> [104.251.214.46] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.251.214.46/; sid:900607867; rev:1;) alert tcp $HOME_NET any -> [192.254.71.210] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.254.71.210/; sid:900607868; rev:1;) alert tcp $HOME_NET any -> [144.76.186.55] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.76.186.55/; sid:900607869; rev:1;) alert tcp $HOME_NET any -> [192.95.56.148] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.95.56.148/; sid:900607870; rev:1;) alert tcp $HOME_NET any -> [178.128.83.165] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.83.165/; sid:900607871; rev:1;) alert tcp $HOME_NET any -> [93.104.208.37] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.104.208.37/; sid:900607872; rev:1;) alert tcp $HOME_NET any -> [174.136.15.27] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.136.15.27/; sid:900607873; rev:1;) alert tcp $HOME_NET any -> [185.122.58.89] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.122.58.89/; sid:900607874; rev:1;) alert tcp $HOME_NET any -> [94.140.114.254] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.140.114.254/; sid:900607876; rev:1;) alert tcp $HOME_NET any -> [139.28.235.26] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.28.235.26/; sid:900607879; rev:1;) alert tcp $HOME_NET any -> [45.79.173.200] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.173.200/; sid:900607882; rev:1;) alert tcp $HOME_NET any -> [54.36.98.59] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.36.98.59/; sid:900607883; rev:1;) alert tcp $HOME_NET any -> [67.205.162.68] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.205.162.68/; sid:900607884; rev:1;) alert tcp $HOME_NET any -> [109.230.199.106] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.230.199.106/; sid:900607885; rev:1;) alert tcp $HOME_NET any -> [194.76.227.89] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.76.227.89/; sid:900607886; rev:1;) alert tcp $HOME_NET any -> [73.67.152.98] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.67.152.98/; sid:900607887; rev:1;) alert tcp $HOME_NET any -> [45.41.204.156] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.41.204.156/; sid:900607888; rev:1;) alert tcp $HOME_NET any -> [194.38.20.12] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.38.20.12/; sid:900607889; rev:1;) alert tcp $HOME_NET any -> [185.158.251.101] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.158.251.101/; sid:900607890; rev:1;) alert tcp $HOME_NET any -> [80.71.158.42] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.71.158.42/; sid:900607892; rev:1;) alert tcp $HOME_NET any -> [8.9.11.48] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.9.11.48/; sid:900607893; rev:1;) alert tcp $HOME_NET any -> [103.42.57.17] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.42.57.17/; sid:900607894; rev:1;) alert tcp $HOME_NET any -> [92.177.45.46] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.177.45.46/; sid:900607895; rev:1;) alert tcp $HOME_NET any -> [185.248.140.40] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.248.140.40/; sid:900607896; rev:1;) alert tcp $HOME_NET any -> [198.252.108.16] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.252.108.16/; sid:900607897; rev:1;) alert tcp $HOME_NET any -> [75.169.58.229] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.169.58.229/; sid:900607898; rev:1;) alert tcp $HOME_NET any -> [192.119.162.97] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.162.97/; sid:900607899; rev:1;) alert tcp $HOME_NET any -> [23.160.193.223] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.193.223/; sid:900607900; rev:1;) alert tcp $HOME_NET any -> [45.41.204.158] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.41.204.158/; sid:900607901; rev:1;) alert tcp $HOME_NET any -> [198.199.126.144] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.126.144/; sid:900607902; rev:1;) alert tcp $HOME_NET any -> [207.38.84.195] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.38.84.195/; sid:900607904; rev:1;) alert tcp $HOME_NET any -> [31.215.29.238] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.29.238/; sid:900607905; rev:1;) alert tcp $HOME_NET any -> [23.82.128.108] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.82.128.108/; sid:900607906; rev:1;) alert tcp $HOME_NET any -> [103.134.85.85] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.134.85.85/; sid:900607907; rev:1;) alert tcp $HOME_NET any -> [194.76.227.98] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.76.227.98/; sid:900607909; rev:1;) alert tcp $HOME_NET any -> [103.208.86.235] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.235/; sid:900607910; rev:1;) alert tcp $HOME_NET any -> [103.208.86.205] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.205/; sid:900607911; rev:1;) alert tcp $HOME_NET any -> [103.208.86.211] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.211/; sid:900607912; rev:1;) alert tcp $HOME_NET any -> [103.208.86.234] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.234/; sid:900607913; rev:1;) alert tcp $HOME_NET any -> [103.208.86.112] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.112/; sid:900607914; rev:1;) alert tcp $HOME_NET any -> [5.2.70.80] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.70.80/; sid:900607915; rev:1;) alert tcp $HOME_NET any -> [64.231.96.211] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.231.96.211/; sid:900607917; rev:1;) alert tcp $HOME_NET any -> [75.67.73.144] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.67.73.144/; sid:900607918; rev:1;) alert tcp $HOME_NET any -> [37.211.176.26] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.211.176.26/; sid:900607919; rev:1;) alert tcp $HOME_NET any -> [2.50.41.69] 61200 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.41.69/; sid:900607920; rev:1;) alert tcp $HOME_NET any -> [37.210.157.12] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.157.12/; sid:900607921; rev:1;) alert tcp $HOME_NET any -> [217.164.115.166] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.115.166/; sid:900607922; rev:1;) alert tcp $HOME_NET any -> [78.87.41.5] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.87.41.5/; sid:900607923; rev:1;) alert tcp $HOME_NET any -> [70.51.137.204] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.137.204/; sid:900607924; rev:1;) alert tcp $HOME_NET any -> [100.1.108.246] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.1.108.246/; sid:900607925; rev:1;) alert tcp $HOME_NET any -> [70.45.27.254] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.45.27.254/; sid:900607926; rev:1;) alert tcp $HOME_NET any -> [181.118.183.28] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.28/; sid:900607927; rev:1;) alert tcp $HOME_NET any -> [39.44.150.120] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.150.120/; sid:900607928; rev:1;) alert tcp $HOME_NET any -> [103.17.101.139] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.17.101.139/; sid:900607929; rev:1;) alert tcp $HOME_NET any -> [45.128.149.42] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.128.149.42/; sid:900607930; rev:1;) alert tcp $HOME_NET any -> [194.40.243.169] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.40.243.169/; sid:900607931; rev:1;) alert tcp $HOME_NET any -> [185.202.173.150] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.202.173.150/; sid:900607932; rev:1;) alert tcp $HOME_NET any -> [139.64.13.189] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.64.13.189/; sid:900607933; rev:1;) alert tcp $HOME_NET any -> [31.215.116.182] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.116.182/; sid:900607934; rev:1;) alert tcp $HOME_NET any -> [86.98.156.45] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.156.45/; sid:900607935; rev:1;) alert tcp $HOME_NET any -> [212.34.15.205] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.34.15.205/; sid:900607936; rev:1;) alert tcp $HOME_NET any -> [31.215.206.13] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.206.13/; sid:900607938; rev:1;) alert tcp $HOME_NET any -> [31.215.116.182] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.116.182/; sid:900607939; rev:1;) alert tcp $HOME_NET any -> [66.230.104.103] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.230.104.103/; sid:900607940; rev:1;) alert tcp $HOME_NET any -> [39.49.5.42] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.5.42/; sid:900607941; rev:1;) alert tcp $HOME_NET any -> [161.142.54.62] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.54.62/; sid:900607942; rev:1;) alert tcp $HOME_NET any -> [86.198.170.170] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.198.170.170/; sid:900607943; rev:1;) alert tcp $HOME_NET any -> [175.137.153.178] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.137.153.178/; sid:900607944; rev:1;) alert tcp $HOME_NET any -> [1.161.88.84] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.88.84/; sid:900607945; rev:1;) alert tcp $HOME_NET any -> [95.14.104.242] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.14.104.242/; sid:900607946; rev:1;) alert tcp $HOME_NET any -> [86.98.156.24] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.156.24/; sid:900607947; rev:1;) alert tcp $HOME_NET any -> [86.98.49.16] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.49.16/; sid:900607948; rev:1;) alert tcp $HOME_NET any -> [197.89.20.13] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.20.13/; sid:900607949; rev:1;) alert tcp $HOME_NET any -> [1.161.88.84] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.88.84/; sid:900607950; rev:1;) alert tcp $HOME_NET any -> [188.55.243.70] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.55.243.70/; sid:900607951; rev:1;) alert tcp $HOME_NET any -> [217.128.122.65] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.128.122.65/; sid:900607952; rev:1;) alert tcp $HOME_NET any -> [86.97.247.79] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.247.79/; sid:900607953; rev:1;) alert tcp $HOME_NET any -> [86.97.247.79] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.247.79/; sid:900607954; rev:1;) alert tcp $HOME_NET any -> [75.99.168.194] 61201 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.99.168.194/; sid:900607955; rev:1;) alert tcp $HOME_NET any -> [47.180.172.159] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.180.172.159/; sid:900607956; rev:1;) alert tcp $HOME_NET any -> [89.211.191.219] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.191.219/; sid:900607957; rev:1;) alert tcp $HOME_NET any -> [39.49.125.85] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.125.85/; sid:900607958; rev:1;) alert tcp $HOME_NET any -> [47.180.172.159] 50010 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.180.172.159/; sid:900607959; rev:1;) alert tcp $HOME_NET any -> [196.206.66.89] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.206.66.89/; sid:900607960; rev:1;) alert tcp $HOME_NET any -> [75.99.168.194] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.99.168.194/; sid:900607961; rev:1;) alert tcp $HOME_NET any -> [206.217.0.154] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.217.0.154/; sid:900607962; rev:1;) alert tcp $HOME_NET any -> [184.149.30.83] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.149.30.83/; sid:900607963; rev:1;) alert tcp $HOME_NET any -> [105.184.116.32] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.116.32/; sid:900607964; rev:1;) alert tcp $HOME_NET any -> [208.107.221.224] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.107.221.224/; sid:900607965; rev:1;) alert tcp $HOME_NET any -> [189.146.51.56] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.51.56/; sid:900607966; rev:1;) alert tcp $HOME_NET any -> [45.241.208.225] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.208.225/; sid:900607967; rev:1;) alert tcp $HOME_NET any -> [197.92.132.79] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.92.132.79/; sid:900607968; rev:1;) alert tcp $HOME_NET any -> [102.47.31.216] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.47.31.216/; sid:900607969; rev:1;) alert tcp $HOME_NET any -> [186.64.87.194] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.87.194/; sid:900607970; rev:1;) alert tcp $HOME_NET any -> [173.174.216.62] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.174.216.62/; sid:900607971; rev:1;) alert tcp $HOME_NET any -> [173.220.98.101] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.220.98.101/; sid:900607972; rev:1;) alert tcp $HOME_NET any -> [89.211.179.202] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.179.202/; sid:900607973; rev:1;) alert tcp $HOME_NET any -> [176.45.252.83] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.45.252.83/; sid:900607974; rev:1;) alert tcp $HOME_NET any -> [200.104.16.99] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.104.16.99/; sid:900607975; rev:1;) alert tcp $HOME_NET any -> [177.204.115.148] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.204.115.148/; sid:900607976; rev:1;) alert tcp $HOME_NET any -> [86.98.11.110] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.11.110/; sid:900607977; rev:1;) alert tcp $HOME_NET any -> [78.101.202.183] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.202.183/; sid:900607978; rev:1;) alert tcp $HOME_NET any -> [82.41.63.217] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.41.63.217/; sid:900607979; rev:1;) alert tcp $HOME_NET any -> [180.183.99.37] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.183.99.37/; sid:900607980; rev:1;) alert tcp $HOME_NET any -> [119.158.116.122] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.158.116.122/; sid:900607981; rev:1;) alert tcp $HOME_NET any -> [116.72.55.13] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.72.55.13/; sid:900607982; rev:1;) alert tcp $HOME_NET any -> [217.164.117.243] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.117.243/; sid:900607983; rev:1;) alert tcp $HOME_NET any -> [217.164.117.243] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.117.243/; sid:900607984; rev:1;) alert tcp $HOME_NET any -> [5.2.67.108] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.67.108/; sid:900607985; rev:1;) alert tcp $HOME_NET any -> [80.92.204.176] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.92.204.176/; sid:900607986; rev:1;) alert tcp $HOME_NET any -> [137.74.104.103] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.74.104.103/; sid:900607987; rev:1;) alert tcp $HOME_NET any -> [217.165.146.122] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.146.122/; sid:900607988; rev:1;) alert tcp $HOME_NET any -> [103.87.95.131] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.87.95.131/; sid:900607989; rev:1;) alert tcp $HOME_NET any -> [144.202.2.175] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.2.175/; sid:900607990; rev:1;) alert tcp $HOME_NET any -> [161.142.53.137] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.53.137/; sid:900607991; rev:1;) alert tcp $HOME_NET any -> [78.101.82.120] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.82.120/; sid:900607992; rev:1;) alert tcp $HOME_NET any -> [144.202.2.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.2.175/; sid:900607993; rev:1;) alert tcp $HOME_NET any -> [78.101.202.183] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.202.183/; sid:900607994; rev:1;) alert tcp $HOME_NET any -> [47.23.89.60] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.89.60/; sid:900607995; rev:1;) alert tcp $HOME_NET any -> [197.165.161.159] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.165.161.159/; sid:900607996; rev:1;) alert tcp $HOME_NET any -> [37.211.189.48] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.211.189.48/; sid:900607997; rev:1;) alert tcp $HOME_NET any -> [41.232.210.78] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.232.210.78/; sid:900607998; rev:1;) alert tcp $HOME_NET any -> [61.7.231.229] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.7.231.229/; sid:900607999; rev:1;) alert tcp $HOME_NET any -> [61.7.231.226] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.7.231.226/; sid:900608000; rev:1;) alert tcp $HOME_NET any -> [50.30.40.196] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.30.40.196/; sid:900608001; rev:1;) alert tcp $HOME_NET any -> [175.107.196.192] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.107.196.192/; sid:900608002; rev:1;) alert tcp $HOME_NET any -> [156.67.219.84] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.67.219.84/; sid:900608003; rev:1;) alert tcp $HOME_NET any -> [124.41.193.166] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.41.193.166/; sid:900608004; rev:1;) alert tcp $HOME_NET any -> [116.74.71.73] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.74.71.73/; sid:900608005; rev:1;) alert tcp $HOME_NET any -> [188.50.250.205] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.50.250.205/; sid:900608006; rev:1;) alert tcp $HOME_NET any -> [190.189.33.6] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.189.33.6/; sid:900608007; rev:1;) alert tcp $HOME_NET any -> [79.143.181.160] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.143.181.160/; sid:900608008; rev:1;) alert tcp $HOME_NET any -> [134.209.156.68] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.156.68/; sid:900608009; rev:1;) alert tcp $HOME_NET any -> [103.96.220.147] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.96.220.147/; sid:900608010; rev:1;) alert tcp $HOME_NET any -> [128.106.123.43] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.106.123.43/; sid:900608011; rev:1;) alert tcp $HOME_NET any -> [196.203.37.215] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.203.37.215/; sid:900608012; rev:1;) alert tcp $HOME_NET any -> [135.148.121.246] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/135.148.121.246/; sid:900608013; rev:1;) alert tcp $HOME_NET any -> [213.190.4.223] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.190.4.223/; sid:900608014; rev:1;) alert tcp $HOME_NET any -> [159.65.253.201] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.253.201/; sid:900608015; rev:1;) alert tcp $HOME_NET any -> [150.95.20.209] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.95.20.209/; sid:900608016; rev:1;) alert tcp $HOME_NET any -> [103.44.138.22] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.44.138.22/; sid:900608017; rev:1;) alert tcp $HOME_NET any -> [46.41.130.218] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.41.130.218/; sid:900608018; rev:1;) alert tcp $HOME_NET any -> [130.164.206.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.164.206.70/; sid:900608019; rev:1;) alert tcp $HOME_NET any -> [153.126.203.229] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.126.203.229/; sid:900608020; rev:1;) alert tcp $HOME_NET any -> [138.185.72.26] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.185.72.26/; sid:900608021; rev:1;) alert tcp $HOME_NET any -> [45.71.195.106] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.71.195.106/; sid:900608022; rev:1;) alert tcp $HOME_NET any -> [68.183.62.61] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.62.61/; sid:900608023; rev:1;) alert tcp $HOME_NET any -> [46.176.197.48] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.176.197.48/; sid:900608024; rev:1;) alert tcp $HOME_NET any -> [5.252.177.62] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.252.177.62/; sid:900608025; rev:1;) alert tcp $HOME_NET any -> [169.197.131.16] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.197.131.16/; sid:900608026; rev:1;) alert tcp $HOME_NET any -> [195.154.253.60] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.154.253.60/; sid:900608027; rev:1;) alert tcp $HOME_NET any -> [152.89.239.34] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.89.239.34/; sid:900608028; rev:1;) alert tcp $HOME_NET any -> [47.158.25.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.158.25.67/; sid:900608029; rev:1;) alert tcp $HOME_NET any -> [185.244.166.137] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.166.137/; sid:900608030; rev:1;) alert tcp $HOME_NET any -> [70.57.207.83] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.57.207.83/; sid:900608031; rev:1;) alert tcp $HOME_NET any -> [136.243.32.168] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.243.32.168/; sid:900608032; rev:1;) alert tcp $HOME_NET any -> [198.211.51.201] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.211.51.201/; sid:900608033; rev:1;) alert tcp $HOME_NET any -> [81.213.206.182] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.213.206.182/; sid:900608034; rev:1;) alert tcp $HOME_NET any -> [103.230.180.119] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.230.180.119/; sid:900608035; rev:1;) alert tcp $HOME_NET any -> [5.88.12.21] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.88.12.21/; sid:900608036; rev:1;) alert tcp $HOME_NET any -> [193.253.44.249] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.253.44.249/; sid:900608037; rev:1;) alert tcp $HOME_NET any -> [176.110.96.225] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.110.96.225/; sid:900608038; rev:1;) alert tcp $HOME_NET any -> [76.70.9.169] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.70.9.169/; sid:900608039; rev:1;) alert tcp $HOME_NET any -> [89.211.185.240] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.185.240/; sid:900608040; rev:1;) alert tcp $HOME_NET any -> [31.215.84.57] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.84.57/; sid:900608041; rev:1;) alert tcp $HOME_NET any -> [2.50.27.78] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.27.78/; sid:900608042; rev:1;) alert tcp $HOME_NET any -> [78.100.194.138] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.194.138/; sid:900608043; rev:1;) alert tcp $HOME_NET any -> [139.228.65.100] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.228.65.100/; sid:900608044; rev:1;) alert tcp $HOME_NET any -> [220.129.52.36] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.129.52.36/; sid:900608045; rev:1;) alert tcp $HOME_NET any -> [41.43.13.54] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.43.13.54/; sid:900608046; rev:1;) alert tcp $HOME_NET any -> [76.69.155.202] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.69.155.202/; sid:900608047; rev:1;) alert tcp $HOME_NET any -> [189.253.111.123] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.111.123/; sid:900608048; rev:1;) alert tcp $HOME_NET any -> [70.51.153.159] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.153.159/; sid:900608049; rev:1;) alert tcp $HOME_NET any -> [105.184.249.182] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.249.182/; sid:900608050; rev:1;) alert tcp $HOME_NET any -> [216.46.32.83] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.46.32.83/; sid:900608051; rev:1;) alert tcp $HOME_NET any -> [201.103.17.10] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.103.17.10/; sid:900608052; rev:1;) alert tcp $HOME_NET any -> [208.101.87.135] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.101.87.135/; sid:900608053; rev:1;) alert tcp $HOME_NET any -> [78.191.34.56] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.34.56/; sid:900608054; rev:1;) alert tcp $HOME_NET any -> [47.156.191.217] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.156.191.217/; sid:900608055; rev:1;) alert tcp $HOME_NET any -> [141.237.140.181] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.237.140.181/; sid:900608056; rev:1;) alert tcp $HOME_NET any -> [168.235.104.209] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.235.104.209/; sid:900608057; rev:1;) alert tcp $HOME_NET any -> [121.74.187.191] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.74.187.191/; sid:900608058; rev:1;) alert tcp $HOME_NET any -> [58.105.167.35] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.105.167.35/; sid:900608059; rev:1;) alert tcp $HOME_NET any -> [128.106.122.206] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.106.122.206/; sid:900608060; rev:1;) alert tcp $HOME_NET any -> [39.41.139.127] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.41.139.127/; sid:900608061; rev:1;) alert tcp $HOME_NET any -> [180.183.100.147] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.183.100.147/; sid:900608062; rev:1;) alert tcp $HOME_NET any -> [39.52.38.109] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.52.38.109/; sid:900608063; rev:1;) alert tcp $HOME_NET any -> [86.98.156.238] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.156.238/; sid:900608064; rev:1;) alert tcp $HOME_NET any -> [39.44.124.140] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.124.140/; sid:900608065; rev:1;) alert tcp $HOME_NET any -> [197.89.109.221] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.109.221/; sid:900608066; rev:1;) alert tcp $HOME_NET any -> [75.67.194.204] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.67.194.204/; sid:900608067; rev:1;) alert tcp $HOME_NET any -> [167.86.202.26] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.86.202.26/; sid:900608068; rev:1;) alert tcp $HOME_NET any -> [197.167.46.225] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.167.46.225/; sid:900608069; rev:1;) alert tcp $HOME_NET any -> [197.167.46.225] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.167.46.225/; sid:900608070; rev:1;) alert tcp $HOME_NET any -> [197.164.171.102] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.164.171.102/; sid:900608071; rev:1;) alert tcp $HOME_NET any -> [80.14.188.219] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.14.188.219/; sid:900608072; rev:1;) alert tcp $HOME_NET any -> [39.49.63.64] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.63.64/; sid:900608073; rev:1;) alert tcp $HOME_NET any -> [39.44.58.183] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.58.183/; sid:900608074; rev:1;) alert tcp $HOME_NET any -> [80.123.141.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.123.141.226/; sid:900608075; rev:1;) alert tcp $HOME_NET any -> [63.153.150.20] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.153.150.20/; sid:900608076; rev:1;) alert tcp $HOME_NET any -> [102.156.225.86] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.225.86/; sid:900608077; rev:1;) alert tcp $HOME_NET any -> [86.97.247.128] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.247.128/; sid:900608078; rev:1;) alert tcp $HOME_NET any -> [86.97.247.128] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.247.128/; sid:900608079; rev:1;) alert tcp $HOME_NET any -> [151.69.0.8] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.69.0.8/; sid:900608080; rev:1;) alert tcp $HOME_NET any -> [176.45.240.198] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.45.240.198/; sid:900608081; rev:1;) alert tcp $HOME_NET any -> [105.157.113.234] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.157.113.234/; sid:900608082; rev:1;) alert tcp $HOME_NET any -> [80.11.74.81] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.11.74.81/; sid:900608083; rev:1;) alert tcp $HOME_NET any -> [176.88.238.122] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.88.238.122/; sid:900608084; rev:1;) alert tcp $HOME_NET any -> [186.64.67.40] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.40/; sid:900608085; rev:1;) alert tcp $HOME_NET any -> [102.140.70.201] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.140.70.201/; sid:900608086; rev:1;) alert tcp $HOME_NET any -> [24.55.67.176] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.55.67.176/; sid:900608087; rev:1;) alert tcp $HOME_NET any -> [209.15.236.39] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.15.236.39/; sid:900608089; rev:1;) alert tcp $HOME_NET any -> [162.244.80.68] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.244.80.68/; sid:900608090; rev:1;) alert tcp $HOME_NET any -> [168.119.39.118] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.119.39.118/; sid:900608091; rev:1;) alert tcp $HOME_NET any -> [207.99.27.28] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.99.27.28/; sid:900608092; rev:1;) alert tcp $HOME_NET any -> [147.139.134.226] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.139.134.226/; sid:900608093; rev:1;) alert tcp $HOME_NET any -> [191.99.191.28] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.99.191.28/; sid:900608094; rev:1;) alert tcp $HOME_NET any -> [118.189.242.45] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.189.242.45/; sid:900608095; rev:1;) alert tcp $HOME_NET any -> [118.161.12.23] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.161.12.23/; sid:900608096; rev:1;) alert tcp $HOME_NET any -> [111.125.245.118] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.125.245.118/; sid:900608097; rev:1;) alert tcp $HOME_NET any -> [31.215.70.101] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.70.101/; sid:900608098; rev:1;) alert tcp $HOME_NET any -> [81.229.130.188] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.229.130.188/; sid:900608099; rev:1;) alert tcp $HOME_NET any -> [186.69.101.54] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.69.101.54/; sid:900608100; rev:1;) alert tcp $HOME_NET any -> [91.177.173.10] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.177.173.10/; sid:900608101; rev:1;) alert tcp $HOME_NET any -> [2.50.37.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.37.117/; sid:900608102; rev:1;) alert tcp $HOME_NET any -> [176.57.126.138] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.57.126.138/; sid:900608103; rev:1;) alert tcp $HOME_NET any -> [86.98.149.6] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.149.6/; sid:900608104; rev:1;) alert tcp $HOME_NET any -> [188.50.5.129] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.50.5.129/; sid:900608105; rev:1;) alert tcp $HOME_NET any -> [98.17.34.83] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.17.34.83/; sid:900608106; rev:1;) alert tcp $HOME_NET any -> [217.164.117.158] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.117.158/; sid:900608107; rev:1;) alert tcp $HOME_NET any -> [92.99.229.158] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.99.229.158/; sid:900608108; rev:1;) alert tcp $HOME_NET any -> [47.156.131.10] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.156.131.10/; sid:900608109; rev:1;) alert tcp $HOME_NET any -> [139.180.205.161] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.180.205.161/; sid:900608110; rev:1;) alert tcp $HOME_NET any -> [72.12.115.90] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.12.115.90/; sid:900608111; rev:1;) alert tcp $HOME_NET any -> [217.182.143.207] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.182.143.207/; sid:900608112; rev:1;) alert tcp $HOME_NET any -> [209.126.98.206] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.126.98.206/; sid:900608113; rev:1;) alert tcp $HOME_NET any -> [186.250.48.5] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.250.48.5/; sid:900608114; rev:1;) alert tcp $HOME_NET any -> [119.158.98.225] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.158.98.225/; sid:900608115; rev:1;) alert tcp $HOME_NET any -> [118.161.12.23] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.161.12.23/; sid:900608116; rev:1;) alert tcp $HOME_NET any -> [183.82.103.213] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.103.213/; sid:900608117; rev:1;) alert tcp $HOME_NET any -> [89.249.215.26] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.249.215.26/; sid:900608118; rev:1;) alert tcp $HOME_NET any -> [5.95.58.211] 2087 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.95.58.211/; sid:900608119; rev:1;) alert tcp $HOME_NET any -> [51.254.140.238] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.140.238/; sid:900608120; rev:1;) alert tcp $HOME_NET any -> [103.75.201.2] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.75.201.2/; sid:900608121; rev:1;) alert tcp $HOME_NET any -> [119.235.255.201] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.235.255.201/; sid:900608122; rev:1;) alert tcp $HOME_NET any -> [197.2.10.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.2.10.67/; sid:900608123; rev:1;) alert tcp $HOME_NET any -> [39.49.3.69] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.3.69/; sid:900608124; rev:1;) alert tcp $HOME_NET any -> [172.114.160.81] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.114.160.81/; sid:900608125; rev:1;) alert tcp $HOME_NET any -> [172.114.160.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.114.160.81/; sid:900608126; rev:1;) alert tcp $HOME_NET any -> [86.195.158.178] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.195.158.178/; sid:900608127; rev:1;) alert tcp $HOME_NET any -> [94.59.139.37] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.139.37/; sid:900608128; rev:1;) alert tcp $HOME_NET any -> [173.170.224.168] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.170.224.168/; sid:900608129; rev:1;) alert tcp $HOME_NET any -> [105.225.173.49] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.173.49/; sid:900608130; rev:1;) alert tcp $HOME_NET any -> [201.170.176.129] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.170.176.129/; sid:900608131; rev:1;) alert tcp $HOME_NET any -> [70.46.220.114] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.46.220.114/; sid:900608132; rev:1;) alert tcp $HOME_NET any -> [210.246.4.69] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.246.4.69/; sid:900608133; rev:1;) alert tcp $HOME_NET any -> [162.241.79.26] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.79.26/; sid:900608134; rev:1;) alert tcp $HOME_NET any -> [186.250.48.117] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.250.48.117/; sid:900608135; rev:1;) alert tcp $HOME_NET any -> [128.106.123.103] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.106.123.103/; sid:900608136; rev:1;) alert tcp $HOME_NET any -> [64.231.210.71] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.231.210.71/; sid:900608138; rev:1;) alert tcp $HOME_NET any -> [197.89.17.163] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.17.163/; sid:900608139; rev:1;) alert tcp $HOME_NET any -> [177.87.70.10] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.87.70.10/; sid:900608140; rev:1;) alert tcp $HOME_NET any -> [176.56.128.118] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.56.128.118/; sid:900608141; rev:1;) alert tcp $HOME_NET any -> [203.114.109.124] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.114.109.124/; sid:900608142; rev:1;) alert tcp $HOME_NET any -> [86.139.33.187] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.139.33.187/; sid:900608143; rev:1;) alert tcp $HOME_NET any -> [144.86.64.220] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.86.64.220/; sid:900608144; rev:1;) alert tcp $HOME_NET any -> [86.98.148.83] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.148.83/; sid:900608145; rev:1;) alert tcp $HOME_NET any -> [175.145.235.37] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.145.235.37/; sid:900608147; rev:1;) alert tcp $HOME_NET any -> [51.75.33.122] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.33.122/; sid:900608148; rev:1;) alert tcp $HOME_NET any -> [72.27.73.206] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.27.73.206/; sid:900608149; rev:1;) alert tcp $HOME_NET any -> [75.159.9.236] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.159.9.236/; sid:900608150; rev:1;) alert tcp $HOME_NET any -> [217.165.122.227] 61200 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.122.227/; sid:900608151; rev:1;) alert tcp $HOME_NET any -> [186.10.247.110] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.10.247.110/; sid:900608152; rev:1;) alert tcp $HOME_NET any -> [217.165.79.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.79.31/; sid:900608153; rev:1;) alert tcp $HOME_NET any -> [207.170.238.231] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.170.238.231/; sid:900608154; rev:1;) alert tcp $HOME_NET any -> [24.43.99.75] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.43.99.75/; sid:900608155; rev:1;) alert tcp $HOME_NET any -> [47.23.89.61] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.89.61/; sid:900608156; rev:1;) alert tcp $HOME_NET any -> [47.23.89.61] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.89.61/; sid:900608157; rev:1;) alert tcp $HOME_NET any -> [217.165.79.31] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.79.31/; sid:900608158; rev:1;) alert tcp $HOME_NET any -> [69.159.200.138] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.159.200.138/; sid:900608159; rev:1;) alert tcp $HOME_NET any -> [119.158.105.8] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.158.105.8/; sid:900608160; rev:1;) alert tcp $HOME_NET any -> [118.161.37.138] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.161.37.138/; sid:900608161; rev:1;) alert tcp $HOME_NET any -> [217.165.85.106] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.85.106/; sid:900608162; rev:1;) alert tcp $HOME_NET any -> [217.165.68.124] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.68.124/; sid:900608163; rev:1;) alert tcp $HOME_NET any -> [118.161.37.138] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.161.37.138/; sid:900608164; rev:1;) alert tcp $HOME_NET any -> [86.97.209.65] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.209.65/; sid:900608165; rev:1;) alert tcp $HOME_NET any -> [197.89.109.129] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.109.129/; sid:900608166; rev:1;) alert tcp $HOME_NET any -> [105.186.100.243] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.100.243/; sid:900608167; rev:1;) alert tcp $HOME_NET any -> [197.164.168.41] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.164.168.41/; sid:900608168; rev:1;) alert tcp $HOME_NET any -> [197.37.66.133] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.37.66.133/; sid:900608169; rev:1;) alert tcp $HOME_NET any -> [39.52.217.44] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.52.217.44/; sid:900608170; rev:1;) alert tcp $HOME_NET any -> [187.59.18.65] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.59.18.65/; sid:900608171; rev:1;) alert tcp $HOME_NET any -> [191.112.19.94] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.112.19.94/; sid:900608172; rev:1;) alert tcp $HOME_NET any -> [162.214.118.104] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.214.118.104/; sid:900608173; rev:1;) alert tcp $HOME_NET any -> [217.182.143.248] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.182.143.248/; sid:900608174; rev:1;) alert tcp $HOME_NET any -> [146.59.226.45] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.59.226.45/; sid:900608175; rev:1;) alert tcp $HOME_NET any -> [185.4.135.27] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.4.135.27/; sid:900608176; rev:1;) alert tcp $HOME_NET any -> [192.99.251.50] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.99.251.50/; sid:900608177; rev:1;) alert tcp $HOME_NET any -> [187.170.7.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.170.7.81/; sid:900608178; rev:1;) alert tcp $HOME_NET any -> [189.253.32.61] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.32.61/; sid:900608179; rev:1;) alert tcp $HOME_NET any -> [176.253.27.51] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.253.27.51/; sid:900608180; rev:1;) alert tcp $HOME_NET any -> [217.79.180.211] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.79.180.211/; sid:900608181; rev:1;) alert tcp $HOME_NET any -> [51.210.176.76] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.210.176.76/; sid:900608182; rev:1;) alert tcp $HOME_NET any -> [104.251.215.148] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.251.215.148/; sid:900608183; rev:1;) alert tcp $HOME_NET any -> [24.152.37.138] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.152.37.138/; sid:900608184; rev:1;) alert tcp $HOME_NET any -> [45.63.1.12] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.1.12/; sid:900608185; rev:1;) alert tcp $HOME_NET any -> [149.28.238.199] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.238.199/; sid:900608186; rev:1;) alert tcp $HOME_NET any -> [45.76.167.26] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.167.26/; sid:900608187; rev:1;) alert tcp $HOME_NET any -> [144.202.3.39] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.3.39/; sid:900608188; rev:1;) alert tcp $HOME_NET any -> [144.202.3.39] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.3.39/; sid:900608189; rev:1;) alert tcp $HOME_NET any -> [149.28.238.199] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.238.199/; sid:900608190; rev:1;) alert tcp $HOME_NET any -> [45.63.1.12] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.1.12/; sid:900608191; rev:1;) alert tcp $HOME_NET any -> [45.76.167.26] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.167.26/; sid:900608192; rev:1;) alert tcp $HOME_NET any -> [140.82.63.183] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/140.82.63.183/; sid:900608193; rev:1;) alert tcp $HOME_NET any -> [140.82.63.183] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/140.82.63.183/; sid:900608194; rev:1;) alert tcp $HOME_NET any -> [139.64.13.51] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.64.13.51/; sid:900608195; rev:1;) alert tcp $HOME_NET any -> [79.167.199.210] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.167.199.210/; sid:900608196; rev:1;) alert tcp $HOME_NET any -> [78.100.194.196] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.194.196/; sid:900608197; rev:1;) alert tcp $HOME_NET any -> [72.76.94.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.76.94.99/; sid:900608198; rev:1;) alert tcp $HOME_NET any -> [70.51.139.58] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.139.58/; sid:900608199; rev:1;) alert tcp $HOME_NET any -> [201.170.181.247] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.170.181.247/; sid:900608200; rev:1;) alert tcp $HOME_NET any -> [105.187.31.228] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.187.31.228/; sid:900608201; rev:1;) alert tcp $HOME_NET any -> [83.110.153.238] 61200 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.153.238/; sid:900608202; rev:1;) alert tcp $HOME_NET any -> [176.45.218.254] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.45.218.254/; sid:900608203; rev:1;) alert tcp $HOME_NET any -> [89.211.187.132] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.187.132/; sid:900608204; rev:1;) alert tcp $HOME_NET any -> [128.106.122.181] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.106.122.181/; sid:900608205; rev:1;) alert tcp $HOME_NET any -> [1.161.97.158] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.97.158/; sid:900608206; rev:1;) alert tcp $HOME_NET any -> [1.161.97.158] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.97.158/; sid:900608207; rev:1;) alert tcp $HOME_NET any -> [83.110.218.135] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.218.135/; sid:900608208; rev:1;) alert tcp $HOME_NET any -> [86.97.209.134] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.209.134/; sid:900608209; rev:1;) alert tcp $HOME_NET any -> [197.237.74.185] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.237.74.185/; sid:900608210; rev:1;) alert tcp $HOME_NET any -> [41.130.133.118] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.130.133.118/; sid:900608211; rev:1;) alert tcp $HOME_NET any -> [103.51.26.157] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.51.26.157/; sid:900608212; rev:1;) alert tcp $HOME_NET any -> [39.44.188.102] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.188.102/; sid:900608213; rev:1;) alert tcp $HOME_NET any -> [5.32.41.45] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.32.41.45/; sid:900608214; rev:1;) alert tcp $HOME_NET any -> [41.205.12.24] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.205.12.24/; sid:900608215; rev:1;) alert tcp $HOME_NET any -> [188.55.223.134] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.55.223.134/; sid:900608216; rev:1;) alert tcp $HOME_NET any -> [187.199.203.159] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.199.203.159/; sid:900608217; rev:1;) alert tcp $HOME_NET any -> [177.207.67.234] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.207.67.234/; sid:900608218; rev:1;) alert tcp $HOME_NET any -> [90.74.16.2] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.74.16.2/; sid:900608219; rev:1;) alert tcp $HOME_NET any -> [31.215.70.127] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.70.127/; sid:900608220; rev:1;) alert tcp $HOME_NET any -> [47.23.89.58] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.89.58/; sid:900608221; rev:1;) alert tcp $HOME_NET any -> [47.23.89.58] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.89.58/; sid:900608222; rev:1;) alert tcp $HOME_NET any -> [32.221.225.247] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.221.225.247/; sid:900608223; rev:1;) alert tcp $HOME_NET any -> [102.184.187.50] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.184.187.50/; sid:900608224; rev:1;) alert tcp $HOME_NET any -> [108.60.213.141] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.60.213.141/; sid:900608225; rev:1;) alert tcp $HOME_NET any -> [105.186.127.127] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.127.127/; sid:900608226; rev:1;) alert tcp $HOME_NET any -> [102.65.38.77] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.65.38.77/; sid:900608227; rev:1;) alert tcp $HOME_NET any -> [177.207.67.234] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.207.67.234/; sid:900608228; rev:1;) alert tcp $HOME_NET any -> [86.184.85.199] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.184.85.199/; sid:900608229; rev:1;) alert tcp $HOME_NET any -> [201.145.160.158] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.145.160.158/; sid:900608230; rev:1;) alert tcp $HOME_NET any -> [177.96.102.51] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.96.102.51/; sid:900608231; rev:1;) alert tcp $HOME_NET any -> [203.212.24.90] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.212.24.90/; sid:900608232; rev:1;) alert tcp $HOME_NET any -> [151.106.39.36] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.106.39.36/; sid:900608234; rev:1;) alert tcp $HOME_NET any -> [167.86.122.137] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.86.122.137/; sid:900608235; rev:1;) alert tcp $HOME_NET any -> [172.104.22.23] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.104.22.23/; sid:900608236; rev:1;) alert tcp $HOME_NET any -> [82.165.145.100] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.165.145.100/; sid:900608237; rev:1;) alert tcp $HOME_NET any -> [80.241.218.90] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.241.218.90/; sid:900608238; rev:1;) alert tcp $HOME_NET any -> [78.100.227.241] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.227.241/; sid:900608239; rev:1;) alert tcp $HOME_NET any -> [88.250.126.28] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.250.126.28/; sid:900608240; rev:1;) alert tcp $HOME_NET any -> [39.49.32.57] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.32.57/; sid:900608241; rev:1;) alert tcp $HOME_NET any -> [86.98.27.253] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.27.253/; sid:900608242; rev:1;) alert tcp $HOME_NET any -> [217.164.119.130] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.119.130/; sid:900608243; rev:1;) alert tcp $HOME_NET any -> [114.24.93.121] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.24.93.121/; sid:900608244; rev:1;) alert tcp $HOME_NET any -> [86.97.8.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.8.82/; sid:900608245; rev:1;) alert tcp $HOME_NET any -> [83.110.154.202] 61200 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.154.202/; sid:900608246; rev:1;) alert tcp $HOME_NET any -> [130.164.154.59] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.164.154.59/; sid:900608247; rev:1;) alert tcp $HOME_NET any -> [161.142.56.113] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.56.113/; sid:900608248; rev:1;) alert tcp $HOME_NET any -> [197.37.7.47] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.37.7.47/; sid:900608249; rev:1;) alert tcp $HOME_NET any -> [70.51.135.39] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.135.39/; sid:900608250; rev:1;) alert tcp $HOME_NET any -> [79.143.186.143] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.143.186.143/; sid:900608251; rev:1;) alert tcp $HOME_NET any -> [217.165.97.124] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.97.124/; sid:900608252; rev:1;) alert tcp $HOME_NET any -> [186.64.87.236] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.87.236/; sid:900608253; rev:1;) alert tcp $HOME_NET any -> [47.23.89.59] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.89.59/; sid:900608254; rev:1;) alert tcp $HOME_NET any -> [47.23.89.59] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.89.59/; sid:900608255; rev:1;) alert tcp $HOME_NET any -> [213.32.75.32] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.32.75.32/; sid:900608256; rev:1;) alert tcp $HOME_NET any -> [191.252.1.14] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.252.1.14/; sid:900608257; rev:1;) alert tcp $HOME_NET any -> [54.36.185.63] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.36.185.63/; sid:900608258; rev:1;) alert tcp $HOME_NET any -> [103.253.145.28] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.253.145.28/; sid:900608259; rev:1;) alert tcp $HOME_NET any -> [113.11.89.170] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.11.89.170/; sid:900608260; rev:1;) alert tcp $HOME_NET any -> [197.89.109.218] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.109.218/; sid:900608261; rev:1;) alert tcp $HOME_NET any -> [217.164.119.130] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.119.130/; sid:900608262; rev:1;) alert tcp $HOME_NET any -> [148.64.96.100] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.64.96.100/; sid:900608263; rev:1;) alert tcp $HOME_NET any -> [45.241.168.197] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.168.197/; sid:900608264; rev:1;) alert tcp $HOME_NET any -> [47.51.47.182] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.51.47.182/; sid:900608265; rev:1;) alert tcp $HOME_NET any -> [37.186.54.166] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.186.54.166/; sid:900608266; rev:1;) alert tcp $HOME_NET any -> [2.34.12.8] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.34.12.8/; sid:900608267; rev:1;) alert tcp $HOME_NET any -> [41.130.134.201] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.130.134.201/; sid:900608268; rev:1;) alert tcp $HOME_NET any -> [195.32.57.18] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.32.57.18/; sid:900608269; rev:1;) alert tcp $HOME_NET any -> [148.64.96.100] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.64.96.100/; sid:900608270; rev:1;) alert tcp $HOME_NET any -> [209.180.70.25] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.180.70.25/; sid:900608271; rev:1;) alert tcp $HOME_NET any -> [41.84.243.150] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.243.150/; sid:900608272; rev:1;) alert tcp $HOME_NET any -> [177.207.108.236] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.207.108.236/; sid:900608273; rev:1;) alert tcp $HOME_NET any -> [39.49.71.173] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.71.173/; sid:900608274; rev:1;) alert tcp $HOME_NET any -> [1.161.80.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.80.70/; sid:900608275; rev:1;) alert tcp $HOME_NET any -> [177.207.108.236] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.207.108.236/; sid:900608276; rev:1;) alert tcp $HOME_NET any -> [201.172.31.135] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.172.31.135/; sid:900608277; rev:1;) alert tcp $HOME_NET any -> [191.112.22.95] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.112.22.95/; sid:900608278; rev:1;) alert tcp $HOME_NET any -> [141.237.90.158] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.237.90.158/; sid:900608279; rev:1;) alert tcp $HOME_NET any -> [148.64.96.100] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.64.96.100/; sid:900608280; rev:1;) alert tcp $HOME_NET any -> [39.33.151.166] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.33.151.166/; sid:900608281; rev:1;) alert tcp $HOME_NET any -> [45.76.1.145] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.1.145/; sid:900608282; rev:1;) alert tcp $HOME_NET any -> [217.182.25.250] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.182.25.250/; sid:900608283; rev:1;) alert tcp $HOME_NET any -> [119.193.124.41] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.193.124.41/; sid:900608284; rev:1;) alert tcp $HOME_NET any -> [165.22.61.235] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.22.61.235/; sid:900608285; rev:1;) alert tcp $HOME_NET any -> [121.78.112.42] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.78.112.42/; sid:900608286; rev:1;) alert tcp $HOME_NET any -> [216.10.251.121] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.10.251.121/; sid:900608287; rev:1;) alert tcp $HOME_NET any -> [128.106.123.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.106.123.180/; sid:900608288; rev:1;) alert tcp $HOME_NET any -> [39.44.151.33] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.151.33/; sid:900608289; rev:1;) alert tcp $HOME_NET any -> [185.184.25.234] 8081 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.184.25.234/; sid:900608290; rev:1;) alert tcp $HOME_NET any -> [116.125.120.88] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.125.120.88/; sid:900608291; rev:1;) alert tcp $HOME_NET any -> [129.208.30.2] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.30.2/; sid:900608292; rev:1;) alert tcp $HOME_NET any -> [79.33.90.109] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.33.90.109/; sid:900608293; rev:1;) alert tcp $HOME_NET any -> [102.140.70.139] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.140.70.139/; sid:900608294; rev:1;) alert tcp $HOME_NET any -> [47.23.89.62] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.89.62/; sid:900608295; rev:1;) alert tcp $HOME_NET any -> [47.23.89.62] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.89.62/; sid:900608296; rev:1;) alert tcp $HOME_NET any -> [172.115.177.204] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.115.177.204/; sid:900608297; rev:1;) alert tcp $HOME_NET any -> [174.69.215.101] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.69.215.101/; sid:900608298; rev:1;) alert tcp $HOME_NET any -> [201.103.6.221] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.103.6.221/; sid:900608299; rev:1;) alert tcp $HOME_NET any -> [1.161.80.70] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.80.70/; sid:900608300; rev:1;) alert tcp $HOME_NET any -> [217.165.109.52] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.109.52/; sid:900608301; rev:1;) alert tcp $HOME_NET any -> [197.89.8.135] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.8.135/; sid:900608302; rev:1;) alert tcp $HOME_NET any -> [2.42.176.91] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.42.176.91/; sid:900608303; rev:1;) alert tcp $HOME_NET any -> [180.129.97.57] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.129.97.57/; sid:900608304; rev:1;) alert tcp $HOME_NET any -> [197.167.5.180] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.167.5.180/; sid:900608305; rev:1;) alert tcp $HOME_NET any -> [131.154.102.171] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.154.102.171/; sid:900608306; rev:1;) alert tcp $HOME_NET any -> [5.81.177.71] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.81.177.71/; sid:900608307; rev:1;) alert tcp $HOME_NET any -> [201.22.44.214] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.22.44.214/; sid:900608308; rev:1;) alert tcp $HOME_NET any -> [47.145.130.171] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.145.130.171/; sid:900608309; rev:1;) alert tcp $HOME_NET any -> [39.41.189.204] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.41.189.204/; sid:900608310; rev:1;) alert tcp $HOME_NET any -> [110.143.139.163] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.143.139.163/; sid:900608311; rev:1;) alert tcp $HOME_NET any -> [45.239.129.13] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.239.129.13/; sid:900608312; rev:1;) alert tcp $HOME_NET any -> [189.237.6.251] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.237.6.251/; sid:900608313; rev:1;) alert tcp $HOME_NET any -> [82.51.28.59] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.51.28.59/; sid:900608314; rev:1;) alert tcp $HOME_NET any -> [76.106.248.8] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.106.248.8/; sid:900608315; rev:1;) alert tcp $HOME_NET any -> [149.56.128.192] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.56.128.192/; sid:900608316; rev:1;) alert tcp $HOME_NET any -> [120.50.40.183] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.50.40.183/; sid:900608317; rev:1;) alert tcp $HOME_NET any -> [160.16.218.63] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.16.218.63/; sid:900608318; rev:1;) alert tcp $HOME_NET any -> [80.211.107.116] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.211.107.116/; sid:900608319; rev:1;) alert tcp $HOME_NET any -> [188.166.229.148] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.166.229.148/; sid:900608320; rev:1;) alert tcp $HOME_NET any -> [128.106.122.216] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.106.122.216/; sid:900608321; rev:1;) alert tcp $HOME_NET any -> [103.88.226.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.88.226.82/; sid:900608322; rev:1;) alert tcp $HOME_NET any -> [77.211.24.73] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.211.24.73/; sid:900608323; rev:1;) alert tcp $HOME_NET any -> [86.131.118.124] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.131.118.124/; sid:900608326; rev:1;) alert tcp $HOME_NET any -> [120.61.1.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.61.1.53/; sid:900608328; rev:1;) alert tcp $HOME_NET any -> [138.197.90.158] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.90.158/; sid:900608329; rev:1;) alert tcp $HOME_NET any -> [109.160.96.230] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.160.96.230/; sid:900608330; rev:1;) alert tcp $HOME_NET any -> [103.85.160.5] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.85.160.5/; sid:900608331; rev:1;) alert tcp $HOME_NET any -> [79.52.204.9] 50001 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.52.204.9/; sid:900608332; rev:1;) alert tcp $HOME_NET any -> [40.134.246.185] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.134.246.185/; sid:900608333; rev:1;) alert tcp $HOME_NET any -> [78.188.76.167] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.76.167/; sid:900608334; rev:1;) alert tcp $HOME_NET any -> [200.100.246.85] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.100.246.85/; sid:900608335; rev:1;) alert tcp $HOME_NET any -> [202.134.152.2] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.134.152.2/; sid:900608336; rev:1;) alert tcp $HOME_NET any -> [161.142.56.8] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.56.8/; sid:900608337; rev:1;) alert tcp $HOME_NET any -> [37.152.80.105] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.152.80.105/; sid:900608338; rev:1;) alert tcp $HOME_NET any -> [102.140.71.40] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.140.71.40/; sid:900608339; rev:1;) alert tcp $HOME_NET any -> [188.50.49.149] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.50.49.149/; sid:900608340; rev:1;) alert tcp $HOME_NET any -> [197.92.138.54] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.92.138.54/; sid:900608341; rev:1;) alert tcp $HOME_NET any -> [143.0.34.185] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.0.34.185/; sid:900608342; rev:1;) alert tcp $HOME_NET any -> [177.134.208.155] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.134.208.155/; sid:900608343; rev:1;) alert tcp $HOME_NET any -> [31.215.69.127] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.69.127/; sid:900608344; rev:1;) alert tcp $HOME_NET any -> [51.91.76.89] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.91.76.89/; sid:900608345; rev:1;) alert tcp $HOME_NET any -> [173.254.208.91] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.254.208.91/; sid:900608346; rev:1;) alert tcp $HOME_NET any -> [121.74.182.236] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.74.182.236/; sid:900608347; rev:1;) alert tcp $HOME_NET any -> [79.172.212.216] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.172.212.216/; sid:900608348; rev:1;) alert tcp $HOME_NET any -> [58.227.42.236] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.227.42.236/; sid:900608349; rev:1;) alert tcp $HOME_NET any -> [51.75.33.120] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.33.120/; sid:900608350; rev:1;) alert tcp $HOME_NET any -> [206.188.212.92] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.188.212.92/; sid:900608351; rev:1;) alert tcp $HOME_NET any -> [78.31.66.214] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.31.66.214/; sid:900608352; rev:1;) alert tcp $HOME_NET any -> [134.209.240.102] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.240.102/; sid:900608353; rev:1;) alert tcp $HOME_NET any -> [178.79.146.220] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.79.146.220/; sid:900608354; rev:1;) alert tcp $HOME_NET any -> [191.252.204.81] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.252.204.81/; sid:900608355; rev:1;) alert tcp $HOME_NET any -> [94.23.45.86] 8082 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.45.86/; sid:900608356; rev:1;) alert tcp $HOME_NET any -> [142.93.214.232] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.214.232/; sid:900608357; rev:1;) alert tcp $HOME_NET any -> [165.22.246.219] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.22.246.219/; sid:900608358; rev:1;) alert tcp $HOME_NET any -> [54.38.143.246] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.143.246/; sid:900608359; rev:1;) alert tcp $HOME_NET any -> [202.29.239.162] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.29.239.162/; sid:900608360; rev:1;) alert tcp $HOME_NET any -> [217.164.118.117] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.118.117/; sid:900608393; rev:1;) alert tcp $HOME_NET any -> [197.161.137.196] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.161.137.196/; sid:900608394; rev:1;) alert tcp $HOME_NET any -> [86.98.208.214] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.208.214/; sid:900608395; rev:1;) alert tcp $HOME_NET any -> [83.110.85.209] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.85.209/; sid:900608396; rev:1;) alert tcp $HOME_NET any -> [203.122.46.130] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.122.46.130/; sid:900608397; rev:1;) alert tcp $HOME_NET any -> [83.110.85.209] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.85.209/; sid:900608398; rev:1;) alert tcp $HOME_NET any -> [201.172.231.204] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.172.231.204/; sid:900608399; rev:1;) alert tcp $HOME_NET any -> [217.164.118.117] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.118.117/; sid:900608400; rev:1;) alert tcp $HOME_NET any -> [81.132.186.248] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.132.186.248/; sid:900608401; rev:1;) alert tcp $HOME_NET any -> [197.89.109.60] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.109.60/; sid:900608402; rev:1;) alert tcp $HOME_NET any -> [81.60.216.223] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.60.216.223/; sid:900608403; rev:1;) alert tcp $HOME_NET any -> [201.145.226.223] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.145.226.223/; sid:900608404; rev:1;) alert tcp $HOME_NET any -> [179.178.78.112] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.178.78.112/; sid:900608405; rev:1;) alert tcp $HOME_NET any -> [105.225.175.168] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.175.168/; sid:900608407; rev:1;) alert tcp $HOME_NET any -> [1.161.80.99] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.80.99/; sid:900608408; rev:1;) alert tcp $HOME_NET any -> [217.165.85.224] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.85.224/; sid:900608409; rev:1;) alert tcp $HOME_NET any -> [1.161.80.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.80.99/; sid:900608410; rev:1;) alert tcp $HOME_NET any -> [45.241.207.212] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.207.212/; sid:900608411; rev:1;) alert tcp $HOME_NET any -> [98.96.186.171] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.96.186.171/; sid:900608412; rev:1;) alert tcp $HOME_NET any -> [70.36.102.35] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.36.102.35/; sid:900608413; rev:1;) alert tcp $HOME_NET any -> [92.240.254.110] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.240.254.110/; sid:900608414; rev:1;) alert tcp $HOME_NET any -> [179.100.109.11] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.100.109.11/; sid:900608416; rev:1;) alert tcp $HOME_NET any -> [78.87.196.125] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.87.196.125/; sid:900608417; rev:1;) alert tcp $HOME_NET any -> [177.97.48.132] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.97.48.132/; sid:900608418; rev:1;) alert tcp $HOME_NET any -> [179.158.105.44] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.158.105.44/; sid:900608419; rev:1;) alert tcp $HOME_NET any -> [5.189.160.61] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.160.61/; sid:900608420; rev:1;) alert tcp $HOME_NET any -> [94.177.178.26] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.178.26/; sid:900608421; rev:1;) alert tcp $HOME_NET any -> [39.44.127.250] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.127.250/; sid:900608422; rev:1;) alert tcp $HOME_NET any -> [92.96.183.242] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.96.183.242/; sid:900608423; rev:1;) alert tcp $HOME_NET any -> [92.96.183.242] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.96.183.242/; sid:900608424; rev:1;) alert tcp $HOME_NET any -> [90.120.65.153] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.120.65.153/; sid:900608425; rev:1;) alert tcp $HOME_NET any -> [186.106.197.52] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.106.197.52/; sid:900608426; rev:1;) alert tcp $HOME_NET any -> [143.0.219.6] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.0.219.6/; sid:900608427; rev:1;) alert tcp $HOME_NET any -> [129.208.128.102] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.128.102/; sid:900608428; rev:1;) alert tcp $HOME_NET any -> [125.24.107.190] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.24.107.190/; sid:900608429; rev:1;) alert tcp $HOME_NET any -> [102.156.37.51] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.37.51/; sid:900608430; rev:1;) alert tcp $HOME_NET any -> [186.64.67.46] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.46/; sid:900608431; rev:1;) alert tcp $HOME_NET any -> [87.17.45.67] 50001 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.17.45.67/; sid:900608432; rev:1;) alert tcp $HOME_NET any -> [103.87.95.133] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.87.95.133/; sid:900608433; rev:1;) alert tcp $HOME_NET any -> [187.102.135.142] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.102.135.142/; sid:900608434; rev:1;) alert tcp $HOME_NET any -> [191.205.7.5] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.205.7.5/; sid:900608435; rev:1;) alert tcp $HOME_NET any -> [187.195.98.155] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.195.98.155/; sid:900608436; rev:1;) alert tcp $HOME_NET any -> [101.190.95.16] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.190.95.16/; sid:900608437; rev:1;) alert tcp $HOME_NET any -> [217.165.146.136] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.146.136/; sid:900608438; rev:1;) alert tcp $HOME_NET any -> [102.140.71.38] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.140.71.38/; sid:900608439; rev:1;) alert tcp $HOME_NET any -> [1.161.126.13] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.126.13/; sid:900608440; rev:1;) alert tcp $HOME_NET any -> [86.180.31.38] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.180.31.38/; sid:900608441; rev:1;) alert tcp $HOME_NET any -> [94.36.190.252] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.36.190.252/; sid:900608442; rev:1;) alert tcp $HOME_NET any -> [216.120.236.62] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.120.236.62/; sid:900608443; rev:1;) alert tcp $HOME_NET any -> [189.232.46.161] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.232.46.161/; sid:900608444; rev:1;) alert tcp $HOME_NET any -> [159.8.59.82] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.8.59.82/; sid:900608445; rev:1;) alert tcp $HOME_NET any -> [50.116.19.225] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.19.225/; sid:900608446; rev:1;) alert tcp $HOME_NET any -> [88.198.131.5] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.198.131.5/; sid:900608447; rev:1;) alert tcp $HOME_NET any -> [1.161.126.13] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.126.13/; sid:900608448; rev:1;) alert tcp $HOME_NET any -> [81.60.217.44] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.60.217.44/; sid:900608449; rev:1;) alert tcp $HOME_NET any -> [85.1.164.37] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.1.164.37/; sid:900608450; rev:1;) alert tcp $HOME_NET any -> [45.55.63.166] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.63.166/; sid:900608451; rev:1;) alert tcp $HOME_NET any -> [31.215.185.59] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.185.59/; sid:900608452; rev:1;) alert tcp $HOME_NET any -> [79.129.121.68] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.129.121.68/; sid:900608453; rev:1;) alert tcp $HOME_NET any -> [75.113.214.234] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.113.214.234/; sid:900608454; rev:1;) alert tcp $HOME_NET any -> [129.208.19.253] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.19.253/; sid:900608455; rev:1;) alert tcp $HOME_NET any -> [103.88.226.30] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.88.226.30/; sid:900608456; rev:1;) alert tcp $HOME_NET any -> [78.101.91.50] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.91.50/; sid:900608457; rev:1;) alert tcp $HOME_NET any -> [45.241.152.155] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.152.155/; sid:900608458; rev:1;) alert tcp $HOME_NET any -> [119.158.111.142] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.158.111.142/; sid:900608459; rev:1;) alert tcp $HOME_NET any -> [39.57.23.5] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.57.23.5/; sid:900608460; rev:1;) alert tcp $HOME_NET any -> [87.139.163.216] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.139.163.216/; sid:900608461; rev:1;) alert tcp $HOME_NET any -> [200.58.84.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.58.84.99/; sid:900608462; rev:1;) alert tcp $HOME_NET any -> [39.44.144.159] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.144.159/; sid:900608463; rev:1;) alert tcp $HOME_NET any -> [102.65.38.90] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.65.38.90/; sid:900608464; rev:1;) alert tcp $HOME_NET any -> [82.84.66.211] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.84.66.211/; sid:900608465; rev:1;) alert tcp $HOME_NET any -> [31.215.185.59] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.185.59/; sid:900608466; rev:1;) alert tcp $HOME_NET any -> [112.199.148.55] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.199.148.55/; sid:900608467; rev:1;) alert tcp $HOME_NET any -> [70.51.132.235] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.132.235/; sid:900608468; rev:1;) alert tcp $HOME_NET any -> [189.237.58.13] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.237.58.13/; sid:900608469; rev:1;) alert tcp $HOME_NET any -> [120.61.2.215] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.61.2.215/; sid:900608470; rev:1;) alert tcp $HOME_NET any -> [195.201.151.129] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.201.151.129/; sid:900608471; rev:1;) alert tcp $HOME_NET any -> [79.143.187.147] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.143.187.147/; sid:900608472; rev:1;) alert tcp $HOME_NET any -> [159.203.141.156] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.203.141.156/; sid:900608473; rev:1;) alert tcp $HOME_NET any -> [92.132.135.233] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.132.135.233/; sid:900608474; rev:1;) alert tcp $HOME_NET any -> [66.98.42.102] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.98.42.102/; sid:900608475; rev:1;) alert tcp $HOME_NET any -> [39.49.106.26] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.106.26/; sid:900608476; rev:1;) alert tcp $HOME_NET any -> [191.249.126.43] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.249.126.43/; sid:900608477; rev:1;) alert tcp $HOME_NET any -> [187.58.245.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.58.245.168/; sid:900608478; rev:1;) alert tcp $HOME_NET any -> [94.59.56.162] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.56.162/; sid:900608479; rev:1;) alert tcp $HOME_NET any -> [70.51.134.168] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.134.168/; sid:900608480; rev:1;) alert tcp $HOME_NET any -> [94.59.56.162] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.56.162/; sid:900608481; rev:1;) alert tcp $HOME_NET any -> [176.104.106.96] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.104.106.96/; sid:900608482; rev:1;) alert tcp $HOME_NET any -> [46.198.215.60] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.198.215.60/; sid:900608483; rev:1;) alert tcp $HOME_NET any -> [187.251.132.155] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.251.132.155/; sid:900608484; rev:1;) alert tcp $HOME_NET any -> [201.211.64.196] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.211.64.196/; sid:900608485; rev:1;) alert tcp $HOME_NET any -> [190.252.242.69] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.252.242.69/; sid:900608486; rev:1;) alert tcp $HOME_NET any -> [39.33.197.68] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.33.197.68/; sid:900608487; rev:1;) alert tcp $HOME_NET any -> [187.208.97.145] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.208.97.145/; sid:900608488; rev:1;) alert tcp $HOME_NET any -> [64.121.162.220] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.121.162.220/; sid:900608489; rev:1;) alert tcp $HOME_NET any -> [138.197.109.175] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.109.175/; sid:900608490; rev:1;) alert tcp $HOME_NET any -> [45.176.232.125] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.176.232.125/; sid:900608491; rev:1;) alert tcp $HOME_NET any -> [187.84.80.182] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.84.80.182/; sid:900608492; rev:1;) alert tcp $HOME_NET any -> [109.160.96.230] 4143 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.160.96.230/; sid:900608493; rev:1;) alert tcp $HOME_NET any -> [1.161.75.18] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.75.18/; sid:900608494; rev:1;) alert tcp $HOME_NET any -> [1.161.75.18] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.75.18/; sid:900608495; rev:1;) alert tcp $HOME_NET any -> [83.110.157.57] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.157.57/; sid:900608496; rev:1;) alert tcp $HOME_NET any -> [195.32.32.122] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.32.32.122/; sid:900608497; rev:1;) alert tcp $HOME_NET any -> [209.197.176.40] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.197.176.40/; sid:900608498; rev:1;) alert tcp $HOME_NET any -> [41.84.239.89] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.239.89/; sid:900608499; rev:1;) alert tcp $HOME_NET any -> [101.255.82.164] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.255.82.164/; sid:900608500; rev:1;) alert tcp $HOME_NET any -> [32.221.224.140] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.221.224.140/; sid:900608501; rev:1;) alert tcp $HOME_NET any -> [125.24.101.65] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.24.101.65/; sid:900608502; rev:1;) alert tcp $HOME_NET any -> [85.246.82.244] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.246.82.244/; sid:900608503; rev:1;) alert tcp $HOME_NET any -> [187.250.114.15] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.250.114.15/; sid:900608504; rev:1;) alert tcp $HOME_NET any -> [189.146.126.190] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.126.190/; sid:900608505; rev:1;) alert tcp $HOME_NET any -> [104.131.11.205] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.11.205/; sid:900608506; rev:1;) alert tcp $HOME_NET any -> [167.99.127.67] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.99.127.67/; sid:900608507; rev:1;) alert tcp $HOME_NET any -> [180.183.128.80] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.183.128.80/; sid:900608508; rev:1;) alert tcp $HOME_NET any -> [102.140.71.10] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.140.71.10/; sid:900608509; rev:1;) alert tcp $HOME_NET any -> [217.164.117.187] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.117.187/; sid:900608510; rev:1;) alert tcp $HOME_NET any -> [78.100.225.12] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.225.12/; sid:900608511; rev:1;) alert tcp $HOME_NET any -> [217.164.117.187] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.117.187/; sid:900608512; rev:1;) alert tcp $HOME_NET any -> [86.220.98.71] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.220.98.71/; sid:900608513; rev:1;) alert tcp $HOME_NET any -> [39.49.46.114] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.46.114/; sid:900608514; rev:1;) alert tcp $HOME_NET any -> [181.62.0.59] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.62.0.59/; sid:900608515; rev:1;) alert tcp $HOME_NET any -> [81.60.217.218] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.60.217.218/; sid:900608516; rev:1;) alert tcp $HOME_NET any -> [191.112.12.240] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.112.12.240/; sid:900608517; rev:1;) alert tcp $HOME_NET any -> [201.145.189.252] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.145.189.252/; sid:900608519; rev:1;) alert tcp $HOME_NET any -> [102.159.151.222] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.159.151.222/; sid:900608520; rev:1;) alert tcp $HOME_NET any -> [68.183.94.239] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.94.239/; sid:900608521; rev:1;) alert tcp $HOME_NET any -> [189.176.231.229] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.176.231.229/; sid:900608522; rev:1;) alert tcp $HOME_NET any -> [58.105.167.36] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.105.167.36/; sid:900608523; rev:1;) alert tcp $HOME_NET any -> [201.103.199.197] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.103.199.197/; sid:900608524; rev:1;) alert tcp $HOME_NET any -> [103.107.113.120] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.107.113.120/; sid:900608525; rev:1;) alert tcp $HOME_NET any -> [86.98.157.14] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.157.14/; sid:900608526; rev:1;) alert tcp $HOME_NET any -> [41.84.233.53] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.233.53/; sid:900608527; rev:1;) alert tcp $HOME_NET any -> [189.115.16.78] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.115.16.78/; sid:900608528; rev:1;) alert tcp $HOME_NET any -> [96.29.208.97] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.29.208.97/; sid:900608529; rev:1;) alert tcp $HOME_NET any -> [46.107.48.202] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.107.48.202/; sid:900608530; rev:1;) alert tcp $HOME_NET any -> [105.226.83.196] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.226.83.196/; sid:900608531; rev:1;) alert tcp $HOME_NET any -> [2.50.22.45] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.22.45/; sid:900608532; rev:1;) alert tcp $HOME_NET any -> [78.167.216.171] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.167.216.171/; sid:900608533; rev:1;) alert tcp $HOME_NET any -> [187.207.7.231] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.7.231/; sid:900608534; rev:1;) alert tcp $HOME_NET any -> [217.165.109.212] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.109.212/; sid:900608535; rev:1;) alert tcp $HOME_NET any -> [191.251.191.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.251.191.31/; sid:900608536; rev:1;) alert tcp $HOME_NET any -> [125.24.107.95] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.24.107.95/; sid:900608537; rev:1;) alert tcp $HOME_NET any -> [2.50.137.197] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.137.197/; sid:900608538; rev:1;) alert tcp $HOME_NET any -> [45.241.145.252] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.145.252/; sid:900608539; rev:1;) alert tcp $HOME_NET any -> [41.38.167.179] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.38.167.179/; sid:900608540; rev:1;) alert tcp $HOME_NET any -> [81.60.218.17] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.60.218.17/; sid:900608541; rev:1;) alert tcp $HOME_NET any -> [83.110.75.97] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.75.97/; sid:900608542; rev:1;) alert tcp $HOME_NET any -> [88.235.143.36] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.235.143.36/; sid:900608543; rev:1;) alert tcp $HOME_NET any -> [78.100.227.177] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.227.177/; sid:900608544; rev:1;) alert tcp $HOME_NET any -> [78.101.150.251] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.150.251/; sid:900608545; rev:1;) alert tcp $HOME_NET any -> [109.228.220.196] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.228.220.196/; sid:900608546; rev:1;) alert tcp $HOME_NET any -> [92.96.182.192] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.96.182.192/; sid:900608547; rev:1;) alert tcp $HOME_NET any -> [92.96.182.192] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.96.182.192/; sid:900608548; rev:1;) alert tcp $HOME_NET any -> [37.34.253.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.34.253.233/; sid:900608549; rev:1;) alert tcp $HOME_NET any -> [102.182.232.3] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.182.232.3/; sid:900608550; rev:1;) alert tcp $HOME_NET any -> [144.136.35.102] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.136.35.102/; sid:900608551; rev:1;) alert tcp $HOME_NET any -> [39.41.173.204] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.41.173.204/; sid:900608552; rev:1;) alert tcp $HOME_NET any -> [197.162.118.178] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.162.118.178/; sid:900608553; rev:1;) alert tcp $HOME_NET any -> [176.205.119.81] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.205.119.81/; sid:900608554; rev:1;) alert tcp $HOME_NET any -> [217.182.78.224] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.182.78.224/; sid:900608555; rev:1;) alert tcp $HOME_NET any -> [149.56.131.28] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.56.131.28/; sid:900608556; rev:1;) alert tcp $HOME_NET any -> [37.210.238.79] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.238.79/; sid:900608559; rev:1;) alert tcp $HOME_NET any -> [181.118.183.98] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.98/; sid:900608560; rev:1;) alert tcp $HOME_NET any -> [81.215.196.174] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.215.196.174/; sid:900608561; rev:1;) alert tcp $HOME_NET any -> [187.207.48.194] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.48.194/; sid:900608562; rev:1;) alert tcp $HOME_NET any -> [78.161.215.162] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.161.215.162/; sid:900608563; rev:1;) alert tcp $HOME_NET any -> [102.140.71.72] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.140.71.72/; sid:900608564; rev:1;) alert tcp $HOME_NET any -> [39.49.81.128] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.81.128/; sid:900608565; rev:1;) alert tcp $HOME_NET any -> [92.154.9.41] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.154.9.41/; sid:900608566; rev:1;) alert tcp $HOME_NET any -> [181.208.248.227] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.208.248.227/; sid:900608567; rev:1;) alert tcp $HOME_NET any -> [89.211.187.3] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.187.3/; sid:900608568; rev:1;) alert tcp $HOME_NET any -> [103.139.243.207] 990 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.139.243.207/; sid:900608569; rev:1;) alert tcp $HOME_NET any -> [31.48.166.122] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.48.166.122/; sid:900608570; rev:1;) alert tcp $HOME_NET any -> [197.87.144.193] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.87.144.193/; sid:900608571; rev:1;) alert tcp $HOME_NET any -> [1.161.121.58] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.121.58/; sid:900608572; rev:1;) alert tcp $HOME_NET any -> [191.17.223.93] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.17.223.93/; sid:900608573; rev:1;) alert tcp $HOME_NET any -> [120.61.1.185] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.61.1.185/; sid:900608574; rev:1;) alert tcp $HOME_NET any -> [189.178.44.144] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.178.44.144/; sid:900608575; rev:1;) alert tcp $HOME_NET any -> [140.0.161.213] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/140.0.161.213/; sid:900608576; rev:1;) alert tcp $HOME_NET any -> [191.112.29.181] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.112.29.181/; sid:900608577; rev:1;) alert tcp $HOME_NET any -> [31.215.185.114] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.185.114/; sid:900608578; rev:1;) alert tcp $HOME_NET any -> [119.158.126.69] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.158.126.69/; sid:900608579; rev:1;) alert tcp $HOME_NET any -> [1.161.121.58] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.121.58/; sid:900608580; rev:1;) alert tcp $HOME_NET any -> [86.98.156.250] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.156.250/; sid:900608581; rev:1;) alert tcp $HOME_NET any -> [45.241.214.192] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.214.192/; sid:900608582; rev:1;) alert tcp $HOME_NET any -> [42.235.146.7] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.235.146.7/; sid:900608583; rev:1;) alert tcp $HOME_NET any -> [113.11.89.165] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.11.89.165/; sid:900608584; rev:1;) alert tcp $HOME_NET any -> [94.59.57.24] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.57.24/; sid:900608585; rev:1;) alert tcp $HOME_NET any -> [94.36.195.250] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.36.195.250/; sid:900608586; rev:1;) alert tcp $HOME_NET any -> [94.59.138.62] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.138.62/; sid:900608591; rev:1;) alert tcp $HOME_NET any -> [92.132.172.197] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.132.172.197/; sid:900608592; rev:1;) alert tcp $HOME_NET any -> [94.59.138.62] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.138.62/; sid:900608593; rev:1;) alert tcp $HOME_NET any -> [89.211.181.64] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.181.64/; sid:900608594; rev:1;) alert tcp $HOME_NET any -> [37.186.54.254] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.186.54.254/; sid:900608595; rev:1;) alert tcp $HOME_NET any -> [70.51.138.126] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.138.126/; sid:900608596; rev:1;) alert tcp $HOME_NET any -> [187.251.132.144] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.251.132.144/; sid:900608597; rev:1;) alert tcp $HOME_NET any -> [78.87.206.213] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.87.206.213/; sid:900608598; rev:1;) alert tcp $HOME_NET any -> [186.105.121.166] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.105.121.166/; sid:900608599; rev:1;) alert tcp $HOME_NET any -> [103.246.242.202] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.246.242.202/; sid:900608600; rev:1;) alert tcp $HOME_NET any -> [86.97.11.43] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.11.43/; sid:900608601; rev:1;) alert tcp $HOME_NET any -> [217.164.210.192] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.210.192/; sid:900608602; rev:1;) alert tcp $HOME_NET any -> [121.74.167.191] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.74.167.191/; sid:900608603; rev:1;) alert tcp $HOME_NET any -> [125.168.47.127] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.168.47.127/; sid:900608604; rev:1;) alert tcp $HOME_NET any -> [1.161.71.109] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.71.109/; sid:900608605; rev:1;) alert tcp $HOME_NET any -> [180.129.102.214] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.129.102.214/; sid:900608606; rev:1;) alert tcp $HOME_NET any -> [217.165.147.83] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.147.83/; sid:900608607; rev:1;) alert tcp $HOME_NET any -> [197.167.62.14] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.167.62.14/; sid:900608608; rev:1;) alert tcp $HOME_NET any -> [1.161.71.109] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.71.109/; sid:900608609; rev:1;) alert tcp $HOME_NET any -> [187.59.23.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.59.23.53/; sid:900608610; rev:1;) alert tcp $HOME_NET any -> [186.64.67.38] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.38/; sid:900608611; rev:1;) alert tcp $HOME_NET any -> [191.17.223.222] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.17.223.222/; sid:900608612; rev:1;) alert tcp $HOME_NET any -> [83.110.75.225] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.75.225/; sid:900608613; rev:1;) alert tcp $HOME_NET any -> [86.97.247.20] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.247.20/; sid:900608614; rev:1;) alert tcp $HOME_NET any -> [37.210.164.171] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.164.171/; sid:900608615; rev:1;) alert tcp $HOME_NET any -> [177.158.7.155] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.158.7.155/; sid:900608616; rev:1;) alert tcp $HOME_NET any -> [187.172.232.250] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.172.232.250/; sid:900608617; rev:1;) alert tcp $HOME_NET any -> [86.97.247.20] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.247.20/; sid:900608618; rev:1;) alert tcp $HOME_NET any -> [201.124.1.172] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.124.1.172/; sid:900608619; rev:1;) alert tcp $HOME_NET any -> [103.133.11.10] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.133.11.10/; sid:900608620; rev:1;) alert tcp $HOME_NET any -> [187.207.47.198] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.47.198/; sid:900608621; rev:1;) alert tcp $HOME_NET any -> [78.100.206.189] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.206.189/; sid:900608622; rev:1;) alert tcp $HOME_NET any -> [78.101.88.134] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.88.134/; sid:900608623; rev:1;) alert tcp $HOME_NET any -> [116.30.6.16] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.30.6.16/; sid:900608624; rev:1;) alert tcp $HOME_NET any -> [217.164.117.22] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.117.22/; sid:900608625; rev:1;) alert tcp $HOME_NET any -> [72.27.15.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.27.15.168/; sid:900608626; rev:1;) alert tcp $HOME_NET any -> [70.51.152.186] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.152.186/; sid:900608627; rev:1;) alert tcp $HOME_NET any -> [2.50.4.57] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.4.57/; sid:900608628; rev:1;) alert tcp $HOME_NET any -> [217.164.117.22] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.117.22/; sid:900608629; rev:1;) alert tcp $HOME_NET any -> [177.62.254.60] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.62.254.60/; sid:900608630; rev:1;) alert tcp $HOME_NET any -> [5.54.50.169] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.54.50.169/; sid:900608631; rev:1;) alert tcp $HOME_NET any -> [201.145.179.247] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.145.179.247/; sid:900608632; rev:1;) alert tcp $HOME_NET any -> [191.112.20.100] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.112.20.100/; sid:900608633; rev:1;) alert tcp $HOME_NET any -> [1.161.116.40] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.116.40/; sid:900608634; rev:1;) alert tcp $HOME_NET any -> [39.52.31.233] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.52.31.233/; sid:900608635; rev:1;) alert tcp $HOME_NET any -> [86.98.78.51] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.78.51/; sid:900608636; rev:1;) alert tcp $HOME_NET any -> [1.161.116.40] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.116.40/; sid:900608637; rev:1;) alert tcp $HOME_NET any -> [217.164.76.203] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.76.203/; sid:900608638; rev:1;) alert tcp $HOME_NET any -> [182.121.68.188] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.121.68.188/; sid:900608639; rev:1;) alert tcp $HOME_NET any -> [85.104.122.231] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.122.231/; sid:900608640; rev:1;) alert tcp $HOME_NET any -> [83.110.91.58] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.91.58/; sid:900608641; rev:1;) alert tcp $HOME_NET any -> [41.129.82.125] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.129.82.125/; sid:900608642; rev:1;) alert tcp $HOME_NET any -> [180.183.97.165] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.183.97.165/; sid:900608643; rev:1;) alert tcp $HOME_NET any -> [94.23.45.86] 4143 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.45.86/; sid:900608644; rev:1;) alert tcp $HOME_NET any -> [104.131.62.48] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.62.48/; sid:900608645; rev:1;) alert tcp $HOME_NET any -> [85.101.204.178] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.101.204.178/; sid:900608646; rev:1;) alert tcp $HOME_NET any -> [179.174.52.27] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.174.52.27/; sid:900608647; rev:1;) alert tcp $HOME_NET any -> [116.30.5.32] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.30.5.32/; sid:900608648; rev:1;) alert tcp $HOME_NET any -> [78.100.192.210] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.192.210/; sid:900608649; rev:1;) alert tcp $HOME_NET any -> [78.100.234.143] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.234.143/; sid:900608650; rev:1;) alert tcp $HOME_NET any -> [72.12.115.71] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.12.115.71/; sid:900608651; rev:1;) alert tcp $HOME_NET any -> [62.75.251.60] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.251.60/; sid:900608652; rev:1;) alert tcp $HOME_NET any -> [93.104.209.56] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.104.209.56/; sid:900608653; rev:1;) alert tcp $HOME_NET any -> [103.85.160.5] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.85.160.5/; sid:900608654; rev:1;) alert tcp $HOME_NET any -> [131.100.24.199] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.199/; sid:900608655; rev:1;) alert tcp $HOME_NET any -> [49.231.16.102] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.231.16.102/; sid:900608656; rev:1;) alert tcp $HOME_NET any -> [176.205.23.170] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.205.23.170/; sid:900608657; rev:1;) alert tcp $HOME_NET any -> [176.205.23.170] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.205.23.170/; sid:900608658; rev:1;) alert tcp $HOME_NET any -> [47.110.149.223] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.110.149.223/; sid:900608659; rev:1;) alert tcp $HOME_NET any -> [114.79.130.68] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.130.68/; sid:900608660; rev:1;) alert tcp $HOME_NET any -> [103.30.145.119] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.30.145.119/; sid:900608661; rev:1;) alert tcp $HOME_NET any -> [138.197.147.101] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.147.101/; sid:900608662; rev:1;) alert tcp $HOME_NET any -> [134.195.212.50] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.195.212.50/; sid:900608663; rev:1;) alert tcp $HOME_NET any -> [104.168.154.79] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.154.79/; sid:900608664; rev:1;) alert tcp $HOME_NET any -> [121.7.223.59] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.7.223.59/; sid:900608665; rev:1;) alert tcp $HOME_NET any -> [1.161.67.235] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.67.235/; sid:900608666; rev:1;) alert tcp $HOME_NET any -> [86.98.156.198] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.156.198/; sid:900608667; rev:1;) alert tcp $HOME_NET any -> [1.161.67.235] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.67.235/; sid:900608668; rev:1;) alert tcp $HOME_NET any -> [189.146.73.62] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.73.62/; sid:900608669; rev:1;) alert tcp $HOME_NET any -> [78.101.82.40] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.82.40/; sid:900608670; rev:1;) alert tcp $HOME_NET any -> [31.215.185.49] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.185.49/; sid:900608671; rev:1;) alert tcp $HOME_NET any -> [31.215.185.49] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.185.49/; sid:900608672; rev:1;) alert tcp $HOME_NET any -> [46.198.215.152] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.198.215.152/; sid:900608673; rev:1;) alert tcp $HOME_NET any -> [189.27.113.73] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.27.113.73/; sid:900608674; rev:1;) alert tcp $HOME_NET any -> [201.13.50.41] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.13.50.41/; sid:900608675; rev:1;) alert tcp $HOME_NET any -> [201.22.97.225] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.22.97.225/; sid:900608676; rev:1;) alert tcp $HOME_NET any -> [186.105.103.240] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.105.103.240/; sid:900608677; rev:1;) alert tcp $HOME_NET any -> [177.205.6.251] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.205.6.251/; sid:900608678; rev:1;) alert tcp $HOME_NET any -> [142.184.161.168] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.184.161.168/; sid:900608679; rev:1;) alert tcp $HOME_NET any -> [180.183.134.56] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.183.134.56/; sid:900608680; rev:1;) alert tcp $HOME_NET any -> [115.50.75.208] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.50.75.208/; sid:900608681; rev:1;) alert tcp $HOME_NET any -> [197.167.63.31] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.167.63.31/; sid:900608682; rev:1;) alert tcp $HOME_NET any -> [68.183.91.111] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.91.111/; sid:900608683; rev:1;) alert tcp $HOME_NET any -> [164.52.194.45] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.52.194.45/; sid:900608684; rev:1;) alert tcp $HOME_NET any -> [138.201.142.73] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.201.142.73/; sid:900608685; rev:1;) alert tcp $HOME_NET any -> [37.210.160.58] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.160.58/; sid:900608686; rev:1;) alert tcp $HOME_NET any -> [70.51.153.189] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.153.189/; sid:900608687; rev:1;) alert tcp $HOME_NET any -> [72.252.157.172] 990 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.157.172/; sid:900608688; rev:1;) alert tcp $HOME_NET any -> [217.160.107.189] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.107.189/; sid:900608689; rev:1;) alert tcp $HOME_NET any -> [119.59.98.59] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.59.98.59/; sid:900608690; rev:1;) alert tcp $HOME_NET any -> [68.183.84.74] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.84.74/; sid:900608691; rev:1;) alert tcp $HOME_NET any -> [197.164.175.205] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.164.175.205/; sid:900608692; rev:1;) alert tcp $HOME_NET any -> [85.97.79.239] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.97.79.239/; sid:900608693; rev:1;) alert tcp $HOME_NET any -> [41.84.248.41] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.248.41/; sid:900608694; rev:1;) alert tcp $HOME_NET any -> [31.215.214.189] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.214.189/; sid:900608695; rev:1;) alert tcp $HOME_NET any -> [174.95.174.163] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.95.174.163/; sid:900608696; rev:1;) alert tcp $HOME_NET any -> [201.172.23.68] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.172.23.68/; sid:900608697; rev:1;) alert tcp $HOME_NET any -> [189.253.162.110] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.162.110/; sid:900608698; rev:1;) alert tcp $HOME_NET any -> [140.0.79.30] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/140.0.79.30/; sid:900608699; rev:1;) alert tcp $HOME_NET any -> [72.252.157.172] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.157.172/; sid:900608700; rev:1;) alert tcp $HOME_NET any -> [31.215.214.189] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.214.189/; sid:900608701; rev:1;) alert tcp $HOME_NET any -> [1.161.126.64] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.126.64/; sid:900608702; rev:1;) alert tcp $HOME_NET any -> [1.161.126.64] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.126.64/; sid:900608703; rev:1;) alert tcp $HOME_NET any -> [83.110.93.205] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.93.205/; sid:900608704; rev:1;) alert tcp $HOME_NET any -> [39.49.94.35] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.94.35/; sid:900608705; rev:1;) alert tcp $HOME_NET any -> [139.59.44.48] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.44.48/; sid:900608706; rev:1;) alert tcp $HOME_NET any -> [74.14.7.71] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.14.7.71/; sid:900608707; rev:1;) alert tcp $HOME_NET any -> [167.86.191.84] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.86.191.84/; sid:900608708; rev:1;) alert tcp $HOME_NET any -> [85.96.46.255] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.96.46.255/; sid:900608709; rev:1;) alert tcp $HOME_NET any -> [102.65.38.74] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.65.38.74/; sid:900608710; rev:1;) alert tcp $HOME_NET any -> [187.58.79.229] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.58.79.229/; sid:900608711; rev:1;) alert tcp $HOME_NET any -> [148.0.57.85] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.0.57.85/; sid:900608712; rev:1;) alert tcp $HOME_NET any -> [197.89.17.104] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.17.104/; sid:900608713; rev:1;) alert tcp $HOME_NET any -> [104.34.212.7] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.34.212.7/; sid:900608714; rev:1;) alert tcp $HOME_NET any -> [190.74.239.37] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.74.239.37/; sid:900608715; rev:1;) alert tcp $HOME_NET any -> [179.99.49.37] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.99.49.37/; sid:900608716; rev:1;) alert tcp $HOME_NET any -> [101.51.79.185] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.51.79.185/; sid:900608717; rev:1;) alert tcp $HOME_NET any -> [70.51.153.227] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.153.227/; sid:900608718; rev:1;) alert tcp $HOME_NET any -> [81.155.87.247] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.155.87.247/; sid:900608719; rev:1;) alert tcp $HOME_NET any -> [187.208.137.144] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.208.137.144/; sid:900608720; rev:1;) alert tcp $HOME_NET any -> [31.215.184.145] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.184.145/; sid:900608721; rev:1;) alert tcp $HOME_NET any -> [31.215.71.174] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.71.174/; sid:900608722; rev:1;) alert tcp $HOME_NET any -> [176.31.73.90] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.31.73.90/; sid:900608723; rev:1;) alert tcp $HOME_NET any -> [45.76.159.214] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.159.214/; sid:900608724; rev:1;) alert tcp $HOME_NET any -> [180.129.20.164] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.129.20.164/; sid:900608725; rev:1;) alert tcp $HOME_NET any -> [183.88.61.229] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.88.61.229/; sid:900608726; rev:1;) alert tcp $HOME_NET any -> [118.161.9.45] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.161.9.45/; sid:900608727; rev:1;) alert tcp $HOME_NET any -> [98.22.246.169] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.22.246.169/; sid:900608728; rev:1;) alert tcp $HOME_NET any -> [118.161.9.45] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.161.9.45/; sid:900608729; rev:1;) alert tcp $HOME_NET any -> [86.98.78.42] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.78.42/; sid:900608730; rev:1;) alert tcp $HOME_NET any -> [39.44.144.64] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.144.64/; sid:900608731; rev:1;) alert tcp $HOME_NET any -> [45.241.170.130] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.170.130/; sid:900608732; rev:1;) alert tcp $HOME_NET any -> [85.214.93.93] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.214.93.93/; sid:900608733; rev:1;) alert tcp $HOME_NET any -> [178.62.112.199] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.62.112.199/; sid:900608734; rev:1;) alert tcp $HOME_NET any -> [45.241.145.100] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.145.100/; sid:900608735; rev:1;) alert tcp $HOME_NET any -> [85.96.45.51] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.96.45.51/; sid:900608736; rev:1;) alert tcp $HOME_NET any -> [165.22.211.113] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.22.211.113/; sid:900608737; rev:1;) alert tcp $HOME_NET any -> [139.59.60.88] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.60.88/; sid:900608738; rev:1;) alert tcp $HOME_NET any -> [96.125.171.165] 4143 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.125.171.165/; sid:900608739; rev:1;) alert tcp $HOME_NET any -> [178.128.82.218] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.82.218/; sid:900608740; rev:1;) alert tcp $HOME_NET any -> [103.221.221.164] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.221.221.164/; sid:900608741; rev:1;) alert tcp $HOME_NET any -> [46.176.222.34] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.176.222.34/; sid:900608742; rev:1;) alert tcp $HOME_NET any -> [39.57.23.116] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.57.23.116/; sid:900608743; rev:1;) alert tcp $HOME_NET any -> [41.84.241.23] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.241.23/; sid:900608744; rev:1;) alert tcp $HOME_NET any -> [185.249.85.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.249.85.175/; sid:900608745; rev:1;) alert tcp $HOME_NET any -> [113.89.5.252] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.89.5.252/; sid:900608746; rev:1;) alert tcp $HOME_NET any -> [78.180.88.120] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.180.88.120/; sid:900608747; rev:1;) alert tcp $HOME_NET any -> [197.89.108.36] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.108.36/; sid:900608748; rev:1;) alert tcp $HOME_NET any -> [94.59.56.46] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.56.46/; sid:900608749; rev:1;) alert tcp $HOME_NET any -> [191.112.14.1] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.112.14.1/; sid:900608750; rev:1;) alert tcp $HOME_NET any -> [94.59.56.46] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.56.46/; sid:900608751; rev:1;) alert tcp $HOME_NET any -> [1.161.104.149] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.104.149/; sid:900608752; rev:1;) alert tcp $HOME_NET any -> [1.161.104.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.104.149/; sid:900608753; rev:1;) alert tcp $HOME_NET any -> [83.110.218.155] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.218.155/; sid:900608754; rev:1;) alert tcp $HOME_NET any -> [83.79.122.192] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.79.122.192/; sid:900608755; rev:1;) alert tcp $HOME_NET any -> [86.132.13.91] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.132.13.91/; sid:900608756; rev:1;) alert tcp $HOME_NET any -> [187.172.170.129] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.172.170.129/; sid:900608757; rev:1;) alert tcp $HOME_NET any -> [187.114.156.142] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.114.156.142/; sid:900608758; rev:1;) alert tcp $HOME_NET any -> [186.64.67.8] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.8/; sid:900608759; rev:1;) alert tcp $HOME_NET any -> [39.33.211.246] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.33.211.246/; sid:900608760; rev:1;) alert tcp $HOME_NET any -> [189.146.78.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.78.175/; sid:900608761; rev:1;) alert tcp $HOME_NET any -> [103.139.243.207] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.139.243.207/; sid:900608762; rev:1;) alert tcp $HOME_NET any -> [217.164.117.87] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.117.87/; sid:900608763; rev:1;) alert tcp $HOME_NET any -> [184.100.157.205] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.100.157.205/; sid:900608764; rev:1;) alert tcp $HOME_NET any -> [197.94.84.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.94.84.67/; sid:900608765; rev:1;) alert tcp $HOME_NET any -> [194.36.28.102] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.28.102/; sid:900608766; rev:1;) alert tcp $HOME_NET any -> [179.179.162.9] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.179.162.9/; sid:900608767; rev:1;) alert tcp $HOME_NET any -> [141.237.86.114] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.237.86.114/; sid:900608768; rev:1;) alert tcp $HOME_NET any -> [94.36.195.102] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.36.195.102/; sid:900608769; rev:1;) alert tcp $HOME_NET any -> [217.118.46.41] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.118.46.41/; sid:900608770; rev:1;) alert tcp $HOME_NET any -> [177.102.2.175] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.102.2.175/; sid:900608771; rev:1;) alert tcp $HOME_NET any -> [39.33.170.57] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.33.170.57/; sid:900608772; rev:1;) alert tcp $HOME_NET any -> [187.102.135.141] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.102.135.141/; sid:900608773; rev:1;) alert tcp $HOME_NET any -> [70.51.152.61] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.152.61/; sid:900608774; rev:1;) alert tcp $HOME_NET any -> [187.208.0.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.208.0.99/; sid:900608775; rev:1;) alert tcp $HOME_NET any -> [201.142.133.198] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.142.133.198/; sid:900608776; rev:1;) alert tcp $HOME_NET any -> [118.161.34.21] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.161.34.21/; sid:900608777; rev:1;) alert tcp $HOME_NET any -> [89.211.182.31] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.182.31/; sid:900608779; rev:1;) alert tcp $HOME_NET any -> [88.228.251.169] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.228.251.169/; sid:900608780; rev:1;) alert tcp $HOME_NET any -> [217.165.84.177] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.84.177/; sid:900608781; rev:1;) alert tcp $HOME_NET any -> [39.57.56.19] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.57.56.19/; sid:900608782; rev:1;) alert tcp $HOME_NET any -> [83.110.89.191] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.89.191/; sid:900608785; rev:1;) alert tcp $HOME_NET any -> [197.89.6.37] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.6.37/; sid:900608786; rev:1;) alert tcp $HOME_NET any -> [188.50.241.63] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.50.241.63/; sid:900608787; rev:1;) alert tcp $HOME_NET any -> [78.100.197.230] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.197.230/; sid:900608788; rev:1;) alert tcp $HOME_NET any -> [86.98.78.177] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.78.177/; sid:900608789; rev:1;) alert tcp $HOME_NET any -> [197.162.117.38] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.162.117.38/; sid:900608790; rev:1;) alert tcp $HOME_NET any -> [185.249.85.200] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.249.85.200/; sid:900608791; rev:1;) alert tcp $HOME_NET any -> [186.90.153.162] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.90.153.162/; sid:900608792; rev:1;) alert tcp $HOME_NET any -> [101.51.76.46] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.51.76.46/; sid:900608793; rev:1;) alert tcp $HOME_NET any -> [45.241.145.155] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.145.155/; sid:900608794; rev:1;) alert tcp $HOME_NET any -> [78.100.235.8] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.235.8/; sid:900608795; rev:1;) alert tcp $HOME_NET any -> [201.42.3.27] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.42.3.27/; sid:900608796; rev:1;) alert tcp $HOME_NET any -> [124.40.244.118] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.40.244.118/; sid:900608797; rev:1;) alert tcp $HOME_NET any -> [86.97.246.216] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.246.216/; sid:900608798; rev:1;) alert tcp $HOME_NET any -> [201.1.202.82] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.1.202.82/; sid:900608799; rev:1;) alert tcp $HOME_NET any -> [189.26.55.114] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.26.55.114/; sid:900608800; rev:1;) alert tcp $HOME_NET any -> [191.251.134.129] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.251.134.129/; sid:900608801; rev:1;) alert tcp $HOME_NET any -> [86.97.8.200] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.8.200/; sid:900608802; rev:1;) alert tcp $HOME_NET any -> [70.51.137.64] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.137.64/; sid:900608803; rev:1;) alert tcp $HOME_NET any -> [103.107.113.84] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.107.113.84/; sid:900608804; rev:1;) alert tcp $HOME_NET any -> [187.172.191.97] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.172.191.97/; sid:900608805; rev:1;) alert tcp $HOME_NET any -> [173.22.32.101] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.22.32.101/; sid:900608806; rev:1;) alert tcp $HOME_NET any -> [46.103.186.43] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.103.186.43/; sid:900608807; rev:1;) alert tcp $HOME_NET any -> [63.142.250.212] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.142.250.212/; sid:900608808; rev:1;) alert tcp $HOME_NET any -> [150.95.66.124] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.95.66.124/; sid:900608809; rev:1;) alert tcp $HOME_NET any -> [189.146.87.77] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.87.77/; sid:900608810; rev:1;) alert tcp $HOME_NET any -> [39.44.86.21] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.86.21/; sid:900608811; rev:1;) alert tcp $HOME_NET any -> [86.190.159.132] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.190.159.132/; sid:900608812; rev:1;) alert tcp $HOME_NET any -> [23.239.0.12] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.239.0.12/; sid:900608813; rev:1;) alert tcp $HOME_NET any -> [187.207.131.50] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.131.50/; sid:900608814; rev:1;) alert tcp $HOME_NET any -> [217.164.119.236] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.119.236/; sid:900608815; rev:1;) alert tcp $HOME_NET any -> [37.210.156.191] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.156.191/; sid:900608816; rev:1;) alert tcp $HOME_NET any -> [102.65.16.245] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.65.16.245/; sid:900608817; rev:1;) alert tcp $HOME_NET any -> [85.107.161.25] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.107.161.25/; sid:900608818; rev:1;) alert tcp $HOME_NET any -> [176.45.216.134] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.45.216.134/; sid:900608819; rev:1;) alert tcp $HOME_NET any -> [217.164.119.236] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.119.236/; sid:900608820; rev:1;) alert tcp $HOME_NET any -> [39.49.48.82] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.48.82/; sid:900608821; rev:1;) alert tcp $HOME_NET any -> [187.208.122.239] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.208.122.239/; sid:900608822; rev:1;) alert tcp $HOME_NET any -> [186.105.98.35] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.105.98.35/; sid:900608823; rev:1;) alert tcp $HOME_NET any -> [158.69.222.101] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.69.222.101/; sid:900608824; rev:1;) alert tcp $HOME_NET any -> [1.161.66.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.66.82/; sid:900608825; rev:1;) alert tcp $HOME_NET any -> [31.215.102.193] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.102.193/; sid:900608826; rev:1;) alert tcp $HOME_NET any -> [39.44.66.76] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.66.76/; sid:900608827; rev:1;) alert tcp $HOME_NET any -> [104.248.225.227] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.248.225.227/; sid:900608828; rev:1;) alert tcp $HOME_NET any -> [188.225.32.231] 4143 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.225.32.231/; sid:900608829; rev:1;) alert tcp $HOME_NET any -> [39.44.178.7] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.178.7/; sid:900608830; rev:1;) alert tcp $HOME_NET any -> [81.129.112.49] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.129.112.49/; sid:900608831; rev:1;) alert tcp $HOME_NET any -> [146.66.139.14] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.66.139.14/; sid:900608832; rev:1;) alert tcp $HOME_NET any -> [197.89.17.146] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.17.146/; sid:900608833; rev:1;) alert tcp $HOME_NET any -> [217.165.147.77] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.147.77/; sid:900608834; rev:1;) alert tcp $HOME_NET any -> [186.90.13.85] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.90.13.85/; sid:900608835; rev:1;) alert tcp $HOME_NET any -> [78.183.159.152] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.183.159.152/; sid:900608837; rev:1;) alert tcp $HOME_NET any -> [47.157.227.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.157.227.70/; sid:900608838; rev:1;) alert tcp $HOME_NET any -> [1.234.21.73] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.234.21.73/; sid:900608839; rev:1;) alert tcp $HOME_NET any -> [103.224.242.13] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.224.242.13/; sid:900608840; rev:1;) alert tcp $HOME_NET any -> [45.226.53.34] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.226.53.34/; sid:900608841; rev:1;) alert tcp $HOME_NET any -> [37.208.145.168] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.208.145.168/; sid:900608843; rev:1;) alert tcp $HOME_NET any -> [39.49.31.161] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.31.161/; sid:900608844; rev:1;) alert tcp $HOME_NET any -> [1.161.100.47] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.100.47/; sid:900608845; rev:1;) alert tcp $HOME_NET any -> [37.210.158.242] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.158.242/; sid:900608846; rev:1;) alert tcp $HOME_NET any -> [197.89.12.59] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.12.59/; sid:900608847; rev:1;) alert tcp $HOME_NET any -> [197.164.163.81] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.164.163.81/; sid:900608848; rev:1;) alert tcp $HOME_NET any -> [179.145.13.69] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.145.13.69/; sid:900608849; rev:1;) alert tcp $HOME_NET any -> [172.105.70.96] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.70.96/; sid:900608850; rev:1;) alert tcp $HOME_NET any -> [187.16.64.194] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.16.64.194/; sid:900608851; rev:1;) alert tcp $HOME_NET any -> [200.109.56.159] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.109.56.159/; sid:900608852; rev:1;) alert tcp $HOME_NET any -> [63.250.39.66] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.250.39.66/; sid:900608853; rev:1;) alert tcp $HOME_NET any -> [178.62.21.18] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.62.21.18/; sid:900608854; rev:1;) alert tcp $HOME_NET any -> [5.193.138.70] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.193.138.70/; sid:900608855; rev:1;) alert tcp $HOME_NET any -> [148.0.15.41] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.0.15.41/; sid:900608856; rev:1;) alert tcp $HOME_NET any -> [187.149.227.152] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.149.227.152/; sid:900608857; rev:1;) alert tcp $HOME_NET any -> [177.157.156.136] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.157.156.136/; sid:900608858; rev:1;) alert tcp $HOME_NET any -> [103.107.113.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.107.113.82/; sid:900608859; rev:1;) alert tcp $HOME_NET any -> [83.110.88.196] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.88.196/; sid:900608860; rev:1;) alert tcp $HOME_NET any -> [103.8.26.17] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.8.26.17/; sid:900608861; rev:1;) alert tcp $HOME_NET any -> [134.122.119.23] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.122.119.23/; sid:900608862; rev:1;) alert tcp $HOME_NET any -> [41.215.158.114] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.215.158.114/; sid:900608863; rev:1;) alert tcp $HOME_NET any -> [217.164.120.210] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.120.210/; sid:900608864; rev:1;) alert tcp $HOME_NET any -> [78.100.199.234] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.199.234/; sid:900608865; rev:1;) alert tcp $HOME_NET any -> [200.148.9.225] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.148.9.225/; sid:900608866; rev:1;) alert tcp $HOME_NET any -> [37.210.145.41] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.145.41/; sid:900608867; rev:1;) alert tcp $HOME_NET any -> [116.30.7.55] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.30.7.55/; sid:900608868; rev:1;) alert tcp $HOME_NET any -> [83.110.219.20] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.219.20/; sid:900608869; rev:1;) alert tcp $HOME_NET any -> [31.215.70.187] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.70.187/; sid:900608870; rev:1;) alert tcp $HOME_NET any -> [41.215.153.62] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.215.153.62/; sid:900608871; rev:1;) alert tcp $HOME_NET any -> [191.250.188.54] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.250.188.54/; sid:900608872; rev:1;) alert tcp $HOME_NET any -> [89.29.244.7] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.29.244.7/; sid:900608873; rev:1;) alert tcp $HOME_NET any -> [173.239.37.178] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.239.37.178/; sid:900608874; rev:1;) alert tcp $HOME_NET any -> [39.41.132.180] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.41.132.180/; sid:900608875; rev:1;) alert tcp $HOME_NET any -> [39.44.46.206] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.46.206/; sid:900608876; rev:1;) alert tcp $HOME_NET any -> [83.110.89.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.89.53/; sid:900608877; rev:1;) alert tcp $HOME_NET any -> [197.161.51.29] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.161.51.29/; sid:900608878; rev:1;) alert tcp $HOME_NET any -> [95.12.16.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.12.16.233/; sid:900608879; rev:1;) alert tcp $HOME_NET any -> [39.49.33.65] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.33.65/; sid:900608880; rev:1;) alert tcp $HOME_NET any -> [197.92.130.121] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.92.130.121/; sid:900608881; rev:1;) alert tcp $HOME_NET any -> [31.215.214.100] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.214.100/; sid:900608882; rev:1;) alert tcp $HOME_NET any -> [125.24.203.79] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.24.203.79/; sid:900608883; rev:1;) alert tcp $HOME_NET any -> [41.84.236.153] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.236.153/; sid:900608884; rev:1;) alert tcp $HOME_NET any -> [89.211.209.105] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.209.105/; sid:900608885; rev:1;) alert tcp $HOME_NET any -> [189.223.134.157] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.223.134.157/; sid:900608886; rev:1;) alert tcp $HOME_NET any -> [118.161.37.101] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.161.37.101/; sid:900608887; rev:1;) alert tcp $HOME_NET any -> [197.89.8.179] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.8.179/; sid:900608888; rev:1;) alert tcp $HOME_NET any -> [83.110.94.23] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.94.23/; sid:900608889; rev:1;) alert tcp $HOME_NET any -> [5.54.49.78] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.54.49.78/; sid:900608890; rev:1;) alert tcp $HOME_NET any -> [45.241.215.15] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.215.15/; sid:900608891; rev:1;) alert tcp $HOME_NET any -> [89.211.185.1] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.185.1/; sid:900608892; rev:1;) alert tcp $HOME_NET any -> [31.215.69.115] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.69.115/; sid:900608893; rev:1;) alert tcp $HOME_NET any -> [39.49.44.239] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.44.239/; sid:900608894; rev:1;) alert tcp $HOME_NET any -> [113.89.6.31] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.89.6.31/; sid:900608895; rev:1;) alert tcp $HOME_NET any -> [113.53.145.118] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.53.145.118/; sid:900608896; rev:1;) alert tcp $HOME_NET any -> [217.165.109.187] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.109.187/; sid:900608897; rev:1;) alert tcp $HOME_NET any -> [50.2.217.16] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.2.217.16/; sid:900608898; rev:1;) alert tcp $HOME_NET any -> [188.166.217.40] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.166.217.40/; sid:900608899; rev:1;) alert tcp $HOME_NET any -> [216.10.251.121] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.10.251.121/; sid:900608900; rev:1;) alert tcp $HOME_NET any -> [79.80.80.29] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.80.80.29/; sid:900608901; rev:1;) alert tcp $HOME_NET any -> [193.124.206.225] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.124.206.225/; sid:900608902; rev:1;) alert tcp $HOME_NET any -> [45.10.24.134] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.10.24.134/; sid:900608903; rev:1;) alert tcp $HOME_NET any -> [51.91.142.26] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.91.142.26/; sid:900608904; rev:1;) alert tcp $HOME_NET any -> [165.227.166.238] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.166.238/; sid:900608905; rev:1;) alert tcp $HOME_NET any -> [167.172.248.70] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.172.248.70/; sid:900608906; rev:1;) alert tcp $HOME_NET any -> [92.114.18.20] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.114.18.20/; sid:900608907; rev:1;) alert tcp $HOME_NET any -> [169.45.124.186] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.45.124.186/; sid:900608908; rev:1;) alert tcp $HOME_NET any -> [149.28.156.183] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.156.183/; sid:900608909; rev:1;) alert tcp $HOME_NET any -> [142.93.47.112] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.47.112/; sid:900608910; rev:1;) alert tcp $HOME_NET any -> [39.33.216.128] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.33.216.128/; sid:900608912; rev:1;) alert tcp $HOME_NET any -> [180.129.108.214] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.129.108.214/; sid:900608913; rev:1;) alert tcp $HOME_NET any -> [118.161.37.101] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.161.37.101/; sid:900608914; rev:1;) alert tcp $HOME_NET any -> [173.82.82.196] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.82.82.196/; sid:900608915; rev:1;) alert tcp $HOME_NET any -> [159.89.202.34] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.89.202.34/; sid:900608916; rev:1;) alert tcp $HOME_NET any -> [165.22.73.229] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.22.73.229/; sid:900608917; rev:1;) alert tcp $HOME_NET any -> [160.16.143.191] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.16.143.191/; sid:900608918; rev:1;) alert tcp $HOME_NET any -> [39.44.62.55] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.62.55/; sid:900608921; rev:1;) alert tcp $HOME_NET any -> [197.94.85.72] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.94.85.72/; sid:900608922; rev:1;) alert tcp $HOME_NET any -> [197.87.182.35] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.87.182.35/; sid:900608923; rev:1;) alert tcp $HOME_NET any -> [37.208.155.29] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.208.155.29/; sid:900608924; rev:1;) alert tcp $HOME_NET any -> [74.14.5.179] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.14.5.179/; sid:900608925; rev:1;) alert tcp $HOME_NET any -> [78.101.84.56] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.84.56/; sid:900608926; rev:1;) alert tcp $HOME_NET any -> [1.161.122.145] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.122.145/; sid:900608927; rev:1;) alert tcp $HOME_NET any -> [78.180.86.123] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.180.86.123/; sid:900608928; rev:1;) alert tcp $HOME_NET any -> [72.27.86.98] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.27.86.98/; sid:900608929; rev:1;) alert tcp $HOME_NET any -> [2.50.137.155] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.137.155/; sid:900608930; rev:1;) alert tcp $HOME_NET any -> [86.97.11.30] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.11.30/; sid:900608931; rev:1;) alert tcp $HOME_NET any -> [187.16.64.193] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.16.64.193/; sid:900608932; rev:1;) alert tcp $HOME_NET any -> [187.172.219.103] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.172.219.103/; sid:900608933; rev:1;) alert tcp $HOME_NET any -> [104.168.204.123] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.204.123/; sid:900608934; rev:1;) alert tcp $HOME_NET any -> [49.12.241.35] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.12.241.35/; sid:900608935; rev:1;) alert tcp $HOME_NET any -> [79.110.52.53] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.110.52.53/; sid:900608936; rev:1;) alert tcp $HOME_NET any -> [194.135.33.137] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.135.33.137/; sid:900608937; rev:1;) alert tcp $HOME_NET any -> [194.135.33.144] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.135.33.144/; sid:900608938; rev:1;) alert tcp $HOME_NET any -> [192.236.160.254] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.160.254/; sid:900608939; rev:1;) alert tcp $HOME_NET any -> [192.236.198.116] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.198.116/; sid:900608940; rev:1;) alert tcp $HOME_NET any -> [192.236.192.85] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.192.85/; sid:900608941; rev:1;) alert tcp $HOME_NET any -> [45.67.231.151] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.67.231.151/; sid:900608942; rev:1;) alert tcp $HOME_NET any -> [45.147.229.23] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.147.229.23/; sid:900608943; rev:1;) alert tcp $HOME_NET any -> [176.107.177.124] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.107.177.124/; sid:900608944; rev:1;) alert tcp $HOME_NET any -> [154.56.0.223] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.223/; sid:900608945; rev:1;) alert tcp $HOME_NET any -> [161.97.91.52] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.97.91.52/; sid:900608946; rev:1;) alert tcp $HOME_NET any -> [23.81.246.187] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.81.246.187/; sid:900608947; rev:1;) alert tcp $HOME_NET any -> [209.141.37.189] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.37.189/; sid:900608948; rev:1;) alert tcp $HOME_NET any -> [68.233.238.126] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.233.238.126/; sid:900608949; rev:1;) alert tcp $HOME_NET any -> [206.54.190.138] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.54.190.138/; sid:900608950; rev:1;) alert tcp $HOME_NET any -> [206.54.190.170] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.54.190.170/; sid:900608951; rev:1;) alert tcp $HOME_NET any -> [142.11.196.98] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.196.98/; sid:900608952; rev:1;) alert tcp $HOME_NET any -> [23.83.133.13] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.83.133.13/; sid:900608953; rev:1;) alert tcp $HOME_NET any -> [64.44.141.177] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.141.177/; sid:900608954; rev:1;) alert tcp $HOME_NET any -> [104.168.218.225] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.218.225/; sid:900608955; rev:1;) alert tcp $HOME_NET any -> [142.234.157.93] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.234.157.93/; sid:900608956; rev:1;) alert tcp $HOME_NET any -> [103.175.16.51] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.51/; sid:900608957; rev:1;) alert tcp $HOME_NET any -> [193.233.202.237] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.233.202.237/; sid:900608958; rev:1;) alert tcp $HOME_NET any -> [103.175.16.38] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.38/; sid:900608959; rev:1;) alert tcp $HOME_NET any -> [89.44.9.135] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.44.9.135/; sid:900608960; rev:1;) alert tcp $HOME_NET any -> [23.227.198.217] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.227.198.217/; sid:900608961; rev:1;) alert tcp $HOME_NET any -> [64.44.135.136] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.135.136/; sid:900608962; rev:1;) alert tcp $HOME_NET any -> [192.236.208.15] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.208.15/; sid:900608963; rev:1;) alert tcp $HOME_NET any -> [45.153.243.93] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.243.93/; sid:900608964; rev:1;) alert tcp $HOME_NET any -> [213.232.235.199] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.232.235.199/; sid:900608965; rev:1;) alert tcp $HOME_NET any -> [173.212.228.43] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.212.228.43/; sid:900608966; rev:1;) alert tcp $HOME_NET any -> [23.82.128.149] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.82.128.149/; sid:900608967; rev:1;) alert tcp $HOME_NET any -> [108.62.12.203] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.62.12.203/; sid:900608968; rev:1;) alert tcp $HOME_NET any -> [23.106.223.130] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.106.223.130/; sid:900608969; rev:1;) alert tcp $HOME_NET any -> [45.153.243.82] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.243.82/; sid:900608970; rev:1;) alert tcp $HOME_NET any -> [64.44.141.173] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.141.173/; sid:900608971; rev:1;) alert tcp $HOME_NET any -> [23.19.58.251] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.19.58.251/; sid:900608972; rev:1;) alert tcp $HOME_NET any -> [23.106.160.33] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.106.160.33/; sid:900608973; rev:1;) alert tcp $HOME_NET any -> [45.66.151.151] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.66.151.151/; sid:900608974; rev:1;) alert tcp $HOME_NET any -> [45.66.151.150] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.66.151.150/; sid:900608975; rev:1;) alert tcp $HOME_NET any -> [91.90.121.20] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.90.121.20/; sid:900608976; rev:1;) alert tcp $HOME_NET any -> [91.90.121.121] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.90.121.121/; sid:900608977; rev:1;) alert tcp $HOME_NET any -> [23.227.203.120] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.227.203.120/; sid:900608978; rev:1;) alert tcp $HOME_NET any -> [146.70.106.92] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.106.92/; sid:900608979; rev:1;) alert tcp $HOME_NET any -> [51.83.253.244] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.253.244/; sid:900608980; rev:1;) alert tcp $HOME_NET any -> [154.56.0.218] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.218/; sid:900608981; rev:1;) alert tcp $HOME_NET any -> [146.19.173.152] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.152/; sid:900608982; rev:1;) alert tcp $HOME_NET any -> [23.254.224.200] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.254.224.200/; sid:900608983; rev:1;) alert tcp $HOME_NET any -> [23.88.117.246] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.88.117.246/; sid:900608984; rev:1;) alert tcp $HOME_NET any -> [199.195.252.30] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.195.252.30/; sid:900608985; rev:1;) alert tcp $HOME_NET any -> [45.67.231.123] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.67.231.123/; sid:900608986; rev:1;) alert tcp $HOME_NET any -> [194.33.40.181] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.33.40.181/; sid:900608987; rev:1;) alert tcp $HOME_NET any -> [142.11.222.79] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.222.79/; sid:900608988; rev:1;) alert tcp $HOME_NET any -> [45.66.151.59] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.66.151.59/; sid:900608989; rev:1;) alert tcp $HOME_NET any -> [91.213.8.18] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.213.8.18/; sid:900608990; rev:1;) alert tcp $HOME_NET any -> [89.44.9.167] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.44.9.167/; sid:900608991; rev:1;) alert tcp $HOME_NET any -> [185.62.58.125] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.58.125/; sid:900608992; rev:1;) alert tcp $HOME_NET any -> [192.236.162.127] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.162.127/; sid:900608993; rev:1;) alert tcp $HOME_NET any -> [176.107.187.37] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.107.187.37/; sid:900608994; rev:1;) alert tcp $HOME_NET any -> [54.38.137.18] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.137.18/; sid:900608995; rev:1;) alert tcp $HOME_NET any -> [146.19.173.220] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.220/; sid:900608996; rev:1;) alert tcp $HOME_NET any -> [23.254.217.20] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.254.217.20/; sid:900608997; rev:1;) alert tcp $HOME_NET any -> [185.62.58.238] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.58.238/; sid:900608998; rev:1;) alert tcp $HOME_NET any -> [145.239.30.26] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.30.26/; sid:900608999; rev:1;) alert tcp $HOME_NET any -> [54.38.138.141] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.138.141/; sid:900609000; rev:1;) alert tcp $HOME_NET any -> [167.235.245.35] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.235.245.35/; sid:900609001; rev:1;) alert tcp $HOME_NET any -> [185.62.56.201] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.56.201/; sid:900609002; rev:1;) alert tcp $HOME_NET any -> [146.70.106.47] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.106.47/; sid:900609003; rev:1;) alert tcp $HOME_NET any -> [185.62.57.162] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.57.162/; sid:900609004; rev:1;) alert tcp $HOME_NET any -> [154.56.0.201] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.201/; sid:900609005; rev:1;) alert tcp $HOME_NET any -> [154.56.0.199] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.199/; sid:900609006; rev:1;) alert tcp $HOME_NET any -> [92.204.160.92] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.204.160.92/; sid:900609007; rev:1;) alert tcp $HOME_NET any -> [154.56.0.221] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.221/; sid:900609008; rev:1;) alert tcp $HOME_NET any -> [198.98.59.195] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.59.195/; sid:900609009; rev:1;) alert tcp $HOME_NET any -> [165.232.89.118] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.232.89.118/; sid:900609010; rev:1;) alert tcp $HOME_NET any -> [54.38.139.20] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.139.20/; sid:900609011; rev:1;) alert tcp $HOME_NET any -> [146.19.173.195] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.195/; sid:900609012; rev:1;) alert tcp $HOME_NET any -> [198.98.62.156] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.62.156/; sid:900609013; rev:1;) alert tcp $HOME_NET any -> [23.254.227.144] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.254.227.144/; sid:900609014; rev:1;) alert tcp $HOME_NET any -> [23.227.202.179] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.227.202.179/; sid:900609015; rev:1;) alert tcp $HOME_NET any -> [194.37.97.135] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.37.97.135/; sid:900609016; rev:1;) alert tcp $HOME_NET any -> [193.239.84.247] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.239.84.247/; sid:900609017; rev:1;) alert tcp $HOME_NET any -> [145.239.29.119] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.29.119/; sid:900609018; rev:1;) alert tcp $HOME_NET any -> [198.98.57.91] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.57.91/; sid:900609019; rev:1;) alert tcp $HOME_NET any -> [192.236.194.136] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.194.136/; sid:900609020; rev:1;) alert tcp $HOME_NET any -> [154.56.0.219] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.219/; sid:900609021; rev:1;) alert tcp $HOME_NET any -> [192.236.161.191] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.161.191/; sid:900609022; rev:1;) alert tcp $HOME_NET any -> [104.168.156.224] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.156.224/; sid:900609023; rev:1;) alert tcp $HOME_NET any -> [64.44.101.250] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.101.250/; sid:900609024; rev:1;) alert tcp $HOME_NET any -> [149.255.35.183] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.255.35.183/; sid:900609025; rev:1;) alert tcp $HOME_NET any -> [46.21.153.246] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.21.153.246/; sid:900609026; rev:1;) alert tcp $HOME_NET any -> [103.175.16.52] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.52/; sid:900609027; rev:1;) alert tcp $HOME_NET any -> [103.175.16.47] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.47/; sid:900609028; rev:1;) alert tcp $HOME_NET any -> [103.175.16.117] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.117/; sid:900609029; rev:1;) alert tcp $HOME_NET any -> [23.227.198.241] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.227.198.241/; sid:900609030; rev:1;) alert tcp $HOME_NET any -> [103.175.16.54] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.54/; sid:900609031; rev:1;) alert tcp $HOME_NET any -> [63.141.248.253] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.141.248.253/; sid:900609032; rev:1;) alert tcp $HOME_NET any -> [64.44.102.150] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.102.150/; sid:900609033; rev:1;) alert tcp $HOME_NET any -> [103.175.16.49] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.49/; sid:900609034; rev:1;) alert tcp $HOME_NET any -> [103.175.16.59] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.59/; sid:900609035; rev:1;) alert tcp $HOME_NET any -> [72.252.157.93] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.157.93/; sid:900609036; rev:1;) alert tcp $HOME_NET any -> [72.252.157.93] 990 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.157.93/; sid:900609037; rev:1;) alert tcp $HOME_NET any -> [72.252.157.93] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.157.93/; sid:900609038; rev:1;) alert tcp $HOME_NET any -> [185.62.56.224] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.56.224/; sid:900609039; rev:1;) alert tcp $HOME_NET any -> [146.70.106.83] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.106.83/; sid:900609040; rev:1;) alert tcp $HOME_NET any -> [103.175.16.106] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.106/; sid:900609041; rev:1;) alert tcp $HOME_NET any -> [185.156.172.123] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.156.172.123/; sid:900609042; rev:1;) alert tcp $HOME_NET any -> [64.231.104.242] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.231.104.242/; sid:900609043; rev:1;) alert tcp $HOME_NET any -> [54.38.136.187] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.136.187/; sid:900609044; rev:1;) alert tcp $HOME_NET any -> [37.210.169.150] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.169.150/; sid:900609045; rev:1;) alert tcp $HOME_NET any -> [217.165.109.72] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.109.72/; sid:900609046; rev:1;) alert tcp $HOME_NET any -> [217.165.176.49] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.176.49/; sid:900609047; rev:1;) alert tcp $HOME_NET any -> [39.44.206.162] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.206.162/; sid:900609048; rev:1;) alert tcp $HOME_NET any -> [78.176.207.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.176.207.168/; sid:900609049; rev:1;) alert tcp $HOME_NET any -> [31.215.69.176] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.69.176/; sid:900609050; rev:1;) alert tcp $HOME_NET any -> [94.36.191.129] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.36.191.129/; sid:900609051; rev:1;) alert tcp $HOME_NET any -> [191.34.192.119] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.34.192.119/; sid:900609052; rev:1;) alert tcp $HOME_NET any -> [188.161.200.40] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.161.200.40/; sid:900609053; rev:1;) alert tcp $HOME_NET any -> [187.208.122.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.208.122.226/; sid:900609054; rev:1;) alert tcp $HOME_NET any -> [23.254.227.53] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.254.227.53/; sid:900609055; rev:1;) alert tcp $HOME_NET any -> [146.19.173.202] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.202/; sid:900609056; rev:1;) alert tcp $HOME_NET any -> [64.44.102.6] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.102.6/; sid:900609057; rev:1;) alert tcp $HOME_NET any -> [192.119.64.21] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.64.21/; sid:900609058; rev:1;) alert tcp $HOME_NET any -> [79.110.52.56] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.110.52.56/; sid:900609059; rev:1;) alert tcp $HOME_NET any -> [1.161.104.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.104.31/; sid:900609060; rev:1;) alert tcp $HOME_NET any -> [160.20.147.191] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.20.147.191/; sid:900609061; rev:1;) alert tcp $HOME_NET any -> [146.70.86.254] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.86.254/; sid:900609062; rev:1;) alert tcp $HOME_NET any -> [185.62.56.186] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.56.186/; sid:900609063; rev:1;) alert tcp $HOME_NET any -> [51.75.62.15] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.62.15/; sid:900609064; rev:1;) alert tcp $HOME_NET any -> [146.19.173.227] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.227/; sid:900609065; rev:1;) alert tcp $HOME_NET any -> [177.139.44.173] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.139.44.173/; sid:900609066; rev:1;) alert tcp $HOME_NET any -> [217.164.118.38] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.118.38/; sid:900609067; rev:1;) alert tcp $HOME_NET any -> [217.164.118.38] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.118.38/; sid:900609068; rev:1;) alert tcp $HOME_NET any -> [177.133.210.218] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.133.210.218/; sid:900609069; rev:1;) alert tcp $HOME_NET any -> [70.51.135.90] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.135.90/; sid:900609070; rev:1;) alert tcp $HOME_NET any -> [68.233.238.105] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.233.238.105/; sid:900609071; rev:1;) alert tcp $HOME_NET any -> [64.44.135.250] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.135.250/; sid:900609072; rev:1;) alert tcp $HOME_NET any -> [103.175.16.121] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.121/; sid:900609073; rev:1;) alert tcp $HOME_NET any -> [5.54.53.124] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.54.53.124/; sid:900609074; rev:1;) alert tcp $HOME_NET any -> [79.110.52.71] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.110.52.71/; sid:900609075; rev:1;) alert tcp $HOME_NET any -> [23.254.229.131] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.254.229.131/; sid:900609076; rev:1;) alert tcp $HOME_NET any -> [51.75.62.99] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.62.99/; sid:900609077; rev:1;) alert tcp $HOME_NET any -> [146.19.173.224] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.224/; sid:900609078; rev:1;) alert tcp $HOME_NET any -> [37.72.174.23] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.72.174.23/; sid:900609079; rev:1;) alert tcp $HOME_NET any -> [104.168.245.11] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.245.11/; sid:900609080; rev:1;) alert tcp $HOME_NET any -> [46.21.153.157] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.21.153.157/; sid:900609081; rev:1;) alert tcp $HOME_NET any -> [103.175.16.107] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.107/; sid:900609082; rev:1;) alert tcp $HOME_NET any -> [146.19.253.15] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.253.15/; sid:900609083; rev:1;) alert tcp $HOME_NET any -> [79.110.52.236] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.110.52.236/; sid:900609084; rev:1;) alert tcp $HOME_NET any -> [1.161.104.31] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.104.31/; sid:900609085; rev:1;) alert tcp $HOME_NET any -> [64.44.135.230] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.135.230/; sid:900609086; rev:1;) alert tcp $HOME_NET any -> [209.141.52.25] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.52.25/; sid:900609087; rev:1;) alert tcp $HOME_NET any -> [103.175.16.108] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.108/; sid:900609088; rev:1;) alert tcp $HOME_NET any -> [185.156.172.8] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.156.172.8/; sid:900609089; rev:1;) alert tcp $HOME_NET any -> [154.56.0.228] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.228/; sid:900609090; rev:1;) alert tcp $HOME_NET any -> [108.174.195.253] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.174.195.253/; sid:900609091; rev:1;) alert tcp $HOME_NET any -> [185.62.56.12] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.56.12/; sid:900609092; rev:1;) alert tcp $HOME_NET any -> [51.68.146.200] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.146.200/; sid:900609093; rev:1;) alert tcp $HOME_NET any -> [146.70.78.21] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.78.21/; sid:900609094; rev:1;) alert tcp $HOME_NET any -> [168.119.40.176] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.119.40.176/; sid:900609095; rev:1;) alert tcp $HOME_NET any -> [51.83.254.164] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.254.164/; sid:900609096; rev:1;) alert tcp $HOME_NET any -> [2.50.137.23] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.137.23/; sid:900609097; rev:1;) alert tcp $HOME_NET any -> [89.211.179.247] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.179.247/; sid:900609098; rev:1;) alert tcp $HOME_NET any -> [121.7.223.45] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.7.223.45/; sid:900609099; rev:1;) alert tcp $HOME_NET any -> [148.0.61.36] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.0.61.36/; sid:900609100; rev:1;) alert tcp $HOME_NET any -> [39.52.80.230] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.52.80.230/; sid:900609101; rev:1;) alert tcp $HOME_NET any -> [124.40.244.115] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.40.244.115/; sid:900609102; rev:1;) alert tcp $HOME_NET any -> [39.44.106.187] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.106.187/; sid:900609103; rev:1;) alert tcp $HOME_NET any -> [39.49.111.194] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.111.194/; sid:900609104; rev:1;) alert tcp $HOME_NET any -> [45.241.169.86] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.169.86/; sid:900609105; rev:1;) alert tcp $HOME_NET any -> [31.48.174.63] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.48.174.63/; sid:900609106; rev:1;) alert tcp $HOME_NET any -> [1.161.123.180] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.123.180/; sid:900609107; rev:1;) alert tcp $HOME_NET any -> [1.161.123.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.123.180/; sid:900609108; rev:1;) alert tcp $HOME_NET any -> [217.165.97.52] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.97.52/; sid:900609109; rev:1;) alert tcp $HOME_NET any -> [177.205.155.85] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.205.155.85/; sid:900609110; rev:1;) alert tcp $HOME_NET any -> [191.112.1.69] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.112.1.69/; sid:900609111; rev:1;) alert tcp $HOME_NET any -> [86.97.9.190] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.9.190/; sid:900609112; rev:1;) alert tcp $HOME_NET any -> [187.208.127.127] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.208.127.127/; sid:900609113; rev:1;) alert tcp $HOME_NET any -> [212.114.52.46] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.114.52.46/; sid:900609115; rev:1;) alert tcp $HOME_NET any -> [146.19.253.49] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.253.49/; sid:900609116; rev:1;) alert tcp $HOME_NET any -> [154.56.0.231] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.231/; sid:900609117; rev:1;) alert tcp $HOME_NET any -> [197.92.129.0] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.92.129.0/; sid:900609118; rev:1;) alert tcp $HOME_NET any -> [146.70.53.183] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.53.183/; sid:900609119; rev:1;) alert tcp $HOME_NET any -> [104.168.164.153] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.164.153/; sid:900609120; rev:1;) alert tcp $HOME_NET any -> [193.27.14.242] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.27.14.242/; sid:900609121; rev:1;) alert tcp $HOME_NET any -> [197.83.230.112] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.83.230.112/; sid:900609122; rev:1;) alert tcp $HOME_NET any -> [46.21.153.145] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.21.153.145/; sid:900609123; rev:1;) alert tcp $HOME_NET any -> [149.255.35.134] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.255.35.134/; sid:900609124; rev:1;) alert tcp $HOME_NET any -> [45.147.229.50] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.147.229.50/; sid:900609125; rev:1;) alert tcp $HOME_NET any -> [146.19.173.109] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.109/; sid:900609126; rev:1;) alert tcp $HOME_NET any -> [146.19.253.6] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.253.6/; sid:900609127; rev:1;) alert tcp $HOME_NET any -> [104.168.174.210] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.174.210/; sid:900609128; rev:1;) alert tcp $HOME_NET any -> [86.98.151.244] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.151.244/; sid:900609129; rev:1;) alert tcp $HOME_NET any -> [72.27.33.160] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.27.33.160/; sid:900609130; rev:1;) alert tcp $HOME_NET any -> [201.145.165.25] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.145.165.25/; sid:900609131; rev:1;) alert tcp $HOME_NET any -> [39.44.120.20] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.120.20/; sid:900609132; rev:1;) alert tcp $HOME_NET any -> [197.167.61.123] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.167.61.123/; sid:900609133; rev:1;) alert tcp $HOME_NET any -> [104.244.79.94] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.244.79.94/; sid:900609134; rev:1;) alert tcp $HOME_NET any -> [157.245.111.0] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.245.111.0/; sid:900609135; rev:1;) alert tcp $HOME_NET any -> [103.224.241.74] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.224.241.74/; sid:900609136; rev:1;) alert tcp $HOME_NET any -> [51.83.251.245] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.251.245/; sid:900609137; rev:1;) alert tcp $HOME_NET any -> [185.62.56.21] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.56.21/; sid:900609138; rev:1;) alert tcp $HOME_NET any -> [154.56.0.236] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.236/; sid:900609139; rev:1;) alert tcp $HOME_NET any -> [177.94.57.126] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.94.57.126/; sid:900609140; rev:1;) alert tcp $HOME_NET any -> [37.120.198.248] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.120.198.248/; sid:900609141; rev:1;) alert tcp $HOME_NET any -> [192.236.249.68] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.249.68/; sid:900609142; rev:1;) alert tcp $HOME_NET any -> [146.19.173.139] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.139/; sid:900609143; rev:1;) alert tcp $HOME_NET any -> [217.165.84.153] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.84.153/; sid:900609144; rev:1;) alert tcp $HOME_NET any -> [197.89.128.212] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.128.212/; sid:900609145; rev:1;) alert tcp $HOME_NET any -> [45.147.229.223] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.147.229.223/; sid:900609146; rev:1;) alert tcp $HOME_NET any -> [185.62.58.126] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.58.126/; sid:900609147; rev:1;) alert tcp $HOME_NET any -> [154.56.0.238] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.238/; sid:900609148; rev:1;) alert tcp $HOME_NET any -> [207.180.241.186] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.180.241.186/; sid:900609149; rev:1;) alert tcp $HOME_NET any -> [41.73.252.195] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.73.252.195/; sid:900609150; rev:1;) alert tcp $HOME_NET any -> [193.239.84.254] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.239.84.254/; sid:900609151; rev:1;) alert tcp $HOME_NET any -> [45.147.229.101] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.147.229.101/; sid:900609152; rev:1;) alert tcp $HOME_NET any -> [51.68.147.233] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.147.233/; sid:900609153; rev:1;) alert tcp $HOME_NET any -> [185.62.56.128] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.56.128/; sid:900609154; rev:1;) alert tcp $HOME_NET any -> [51.83.250.240] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.250.240/; sid:900609155; rev:1;) alert tcp $HOME_NET any -> [103.144.139.18] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.139.18/; sid:900609156; rev:1;) alert tcp $HOME_NET any -> [179.100.20.32] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.100.20.32/; sid:900609157; rev:1;) alert tcp $HOME_NET any -> [185.62.57.19] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.57.19/; sid:900609158; rev:1;) alert tcp $HOME_NET any -> [162.243.103.246] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.243.103.246/; sid:900609159; rev:1;) alert tcp $HOME_NET any -> [104.237.145.172] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.237.145.172/; sid:900609160; rev:1;) alert tcp $HOME_NET any -> [45.55.134.126] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.134.126/; sid:900609161; rev:1;) alert tcp $HOME_NET any -> [198.211.118.165] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.211.118.165/; sid:900609162; rev:1;) alert tcp $HOME_NET any -> [161.35.96.229] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.35.96.229/; sid:900609163; rev:1;) alert tcp $HOME_NET any -> [207.154.208.93] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.154.208.93/; sid:900609164; rev:1;) alert tcp $HOME_NET any -> [134.209.164.181] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.164.181/; sid:900609165; rev:1;) alert tcp $HOME_NET any -> [203.217.140.239] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.217.140.239/; sid:900609166; rev:1;) alert tcp $HOME_NET any -> [58.96.74.42] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.96.74.42/; sid:900609167; rev:1;) alert tcp $HOME_NET any -> [218.38.121.17] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.38.121.17/; sid:900609168; rev:1;) alert tcp $HOME_NET any -> [45.153.240.139] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.240.139/; sid:900609169; rev:1;) alert tcp $HOME_NET any -> [51.68.144.94] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.144.94/; sid:900609170; rev:1;) alert tcp $HOME_NET any -> [79.110.52.104] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.110.52.104/; sid:900609171; rev:1;) alert tcp $HOME_NET any -> [146.19.173.116] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.116/; sid:900609172; rev:1;) alert tcp $HOME_NET any -> [146.70.95.244] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.95.244/; sid:900609173; rev:1;) alert tcp $HOME_NET any -> [154.56.0.240] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.240/; sid:900609174; rev:1;) alert tcp $HOME_NET any -> [185.62.58.169] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.58.169/; sid:900609175; rev:1;) alert tcp $HOME_NET any -> [198.27.67.35] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.27.67.35/; sid:900609176; rev:1;) alert tcp $HOME_NET any -> [165.227.153.100] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.153.100/; sid:900609177; rev:1;) alert tcp $HOME_NET any -> [190.107.19.180] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.107.19.180/; sid:900609178; rev:1;) alert tcp $HOME_NET any -> [194.163.154.164] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.163.154.164/; sid:900609179; rev:1;) alert tcp $HOME_NET any -> [34.85.105.209] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/34.85.105.209/; sid:900609180; rev:1;) alert tcp $HOME_NET any -> [212.7.211.113] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.7.211.113/; sid:900609181; rev:1;) alert tcp $HOME_NET any -> [31.22.4.160] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.22.4.160/; sid:900609182; rev:1;) alert tcp $HOME_NET any -> [45.186.16.18] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.186.16.18/; sid:900609183; rev:1;) alert tcp $HOME_NET any -> [45.153.240.155] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.240.155/; sid:900609184; rev:1;) alert tcp $HOME_NET any -> [54.37.130.166] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.130.166/; sid:900609185; rev:1;) alert tcp $HOME_NET any -> [142.11.196.174] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.196.174/; sid:900609186; rev:1;) alert tcp $HOME_NET any -> [173.249.25.219] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.249.25.219/; sid:900609187; rev:1;) alert tcp $HOME_NET any -> [212.83.184.188] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.83.184.188/; sid:900609188; rev:1;) alert tcp $HOME_NET any -> [82.223.82.69] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.223.82.69/; sid:900609189; rev:1;) alert tcp $HOME_NET any -> [128.199.225.17] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.225.17/; sid:900609190; rev:1;) alert tcp $HOME_NET any -> [178.128.27.77] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.27.77/; sid:900609191; rev:1;) alert tcp $HOME_NET any -> [178.128.23.9] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.23.9/; sid:900609192; rev:1;) alert tcp $HOME_NET any -> [103.159.224.46] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.159.224.46/; sid:900609193; rev:1;) alert tcp $HOME_NET any -> [154.56.0.214] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.214/; sid:900609194; rev:1;) alert tcp $HOME_NET any -> [88.224.254.172] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.224.254.172/; sid:900609195; rev:1;) alert tcp $HOME_NET any -> [197.89.8.51] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.8.51/; sid:900609196; rev:1;) alert tcp $HOME_NET any -> [201.142.177.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.142.177.168/; sid:900609197; rev:1;) alert tcp $HOME_NET any -> [148.0.56.63] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.0.56.63/; sid:900609198; rev:1;) alert tcp $HOME_NET any -> [217.164.121.161] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.121.161/; sid:900609199; rev:1;) alert tcp $HOME_NET any -> [23.254.201.97] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.254.201.97/; sid:900609200; rev:1;) alert tcp $HOME_NET any -> [194.135.33.149] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.135.33.149/; sid:900609201; rev:1;) alert tcp $HOME_NET any -> [154.56.0.241] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.241/; sid:900609202; rev:1;) alert tcp $HOME_NET any -> [39.49.96.122] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.96.122/; sid:900609203; rev:1;) alert tcp $HOME_NET any -> [104.236.40.81] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.40.81/; sid:900609204; rev:1;) alert tcp $HOME_NET any -> [138.197.68.35] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.68.35/; sid:900609205; rev:1;) alert tcp $HOME_NET any -> [146.70.104.250] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.104.250/; sid:900609206; rev:1;) alert tcp $HOME_NET any -> [185.62.58.133] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.58.133/; sid:900609207; rev:1;) alert tcp $HOME_NET any -> [154.56.0.242] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.242/; sid:900609208; rev:1;) alert tcp $HOME_NET any -> [39.44.213.68] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.213.68/; sid:900609209; rev:1;) alert tcp $HOME_NET any -> [197.164.182.46] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.164.182.46/; sid:900609211; rev:1;) alert tcp $HOME_NET any -> [94.36.193.176] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.36.193.176/; sid:900609212; rev:1;) alert tcp $HOME_NET any -> [54.37.131.107] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.131.107/; sid:900609213; rev:1;) alert tcp $HOME_NET any -> [54.37.130.77] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.130.77/; sid:900609214; rev:1;) alert tcp $HOME_NET any -> [185.62.58.222] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.58.222/; sid:900609215; rev:1;) alert tcp $HOME_NET any -> [88.232.220.207] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.232.220.207/; sid:900609216; rev:1;) alert tcp $HOME_NET any -> [41.84.236.245] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.236.245/; sid:900609217; rev:1;) alert tcp $HOME_NET any -> [39.49.101.104] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.101.104/; sid:900609218; rev:1;) alert tcp $HOME_NET any -> [189.78.107.163] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.78.107.163/; sid:900609219; rev:1;) alert tcp $HOME_NET any -> [37.210.170.123] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.170.123/; sid:900609220; rev:1;) alert tcp $HOME_NET any -> [191.34.120.8] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.34.120.8/; sid:900609221; rev:1;) alert tcp $HOME_NET any -> [37.208.135.172] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.208.135.172/; sid:900609222; rev:1;) alert tcp $HOME_NET any -> [31.215.185.26] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.185.26/; sid:900609223; rev:1;) alert tcp $HOME_NET any -> [191.112.12.128] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.112.12.128/; sid:900609224; rev:1;) alert tcp $HOME_NET any -> [51.161.73.194] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.161.73.194/; sid:900609226; rev:1;) alert tcp $HOME_NET any -> [157.245.196.132] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.245.196.132/; sid:900609227; rev:1;) alert tcp $HOME_NET any -> [201.103.141.2] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.103.141.2/; sid:900609228; rev:1;) alert tcp $HOME_NET any -> [198.199.70.22] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.70.22/; sid:900609229; rev:1;) alert tcp $HOME_NET any -> [165.22.254.68] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.22.254.68/; sid:900609230; rev:1;) alert tcp $HOME_NET any -> [217.165.109.10] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.109.10/; sid:900609232; rev:1;) alert tcp $HOME_NET any -> [213.232.235.227] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.232.235.227/; sid:900609233; rev:1;) alert tcp $HOME_NET any -> [83.110.92.106] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.92.106/; sid:900609234; rev:1;) alert tcp $HOME_NET any -> [1.161.123.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.123.53/; sid:900609235; rev:1;) alert tcp $HOME_NET any -> [45.153.240.56] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.240.56/; sid:900609236; rev:1;) alert tcp $HOME_NET any -> [45.150.67.154] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.150.67.154/; sid:900609237; rev:1;) alert tcp $HOME_NET any -> [154.56.0.215] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.215/; sid:900609238; rev:1;) alert tcp $HOME_NET any -> [185.62.57.20] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.57.20/; sid:900609239; rev:1;) alert tcp $HOME_NET any -> [146.70.104.229] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.104.229/; sid:900609240; rev:1;) alert tcp $HOME_NET any -> [39.44.235.10] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.235.10/; sid:900609241; rev:1;) alert tcp $HOME_NET any -> [194.135.33.16] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.135.33.16/; sid:900609242; rev:1;) alert tcp $HOME_NET any -> [45.138.172.22] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.138.172.22/; sid:900609243; rev:1;) alert tcp $HOME_NET any -> [141.98.168.70] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.98.168.70/; sid:900609244; rev:1;) alert tcp $HOME_NET any -> [1.161.123.53] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.123.53/; sid:900609245; rev:1;) alert tcp $HOME_NET any -> [195.133.192.105] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.192.105/; sid:900609246; rev:1;) alert tcp $HOME_NET any -> [142.11.206.199] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.206.199/; sid:900609247; rev:1;) alert tcp $HOME_NET any -> [78.101.91.101] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.91.101/; sid:900609248; rev:1;) alert tcp $HOME_NET any -> [78.177.60.224] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.177.60.224/; sid:900609249; rev:1;) alert tcp $HOME_NET any -> [39.44.215.70] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.215.70/; sid:900609250; rev:1;) alert tcp $HOME_NET any -> [197.87.182.115] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.87.182.115/; sid:900609251; rev:1;) alert tcp $HOME_NET any -> [197.94.94.206] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.94.94.206/; sid:900609252; rev:1;) alert tcp $HOME_NET any -> [45.142.214.167] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.142.214.167/; sid:900609253; rev:1;) alert tcp $HOME_NET any -> [86.132.14.70] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.132.14.70/; sid:900609254; rev:1;) alert tcp $HOME_NET any -> [41.84.246.251] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.246.251/; sid:900609255; rev:1;) alert tcp $HOME_NET any -> [191.112.4.17] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.112.4.17/; sid:900609256; rev:1;) alert tcp $HOME_NET any -> [189.223.102.22] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.223.102.22/; sid:900609257; rev:1;) alert tcp $HOME_NET any -> [217.165.84.253] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.84.253/; sid:900609258; rev:1;) alert tcp $HOME_NET any -> [187.149.236.5] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.149.236.5/; sid:900609259; rev:1;) alert tcp $HOME_NET any -> [45.147.231.202] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.147.231.202/; sid:900609260; rev:1;) alert tcp $HOME_NET any -> [185.62.57.27] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.57.27/; sid:900609261; rev:1;) alert tcp $HOME_NET any -> [51.68.145.54] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.145.54/; sid:900609262; rev:1;) alert tcp $HOME_NET any -> [193.233.203.243] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.233.203.243/; sid:900609263; rev:1;) alert tcp $HOME_NET any -> [173.249.2.236] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.249.2.236/; sid:900609264; rev:1;) alert tcp $HOME_NET any -> [151.80.62.92] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.80.62.92/; sid:900609265; rev:1;) alert tcp $HOME_NET any -> [45.93.136.110] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.93.136.110/; sid:900609266; rev:1;) alert tcp $HOME_NET any -> [148.0.55.173] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.0.55.173/; sid:900609267; rev:1;) alert tcp $HOME_NET any -> [41.84.249.88] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.249.88/; sid:900609268; rev:1;) alert tcp $HOME_NET any -> [191.112.21.157] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.112.21.157/; sid:900609269; rev:1;) alert tcp $HOME_NET any -> [144.91.78.55] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.78.55/; sid:900609270; rev:1;) alert tcp $HOME_NET any -> [172.105.226.75] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.226.75/; sid:900609271; rev:1;) alert tcp $HOME_NET any -> [167.86.75.145] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.86.75.145/; sid:900609272; rev:1;) alert tcp $HOME_NET any -> [37.187.114.15] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.114.15/; sid:900609273; rev:1;) alert tcp $HOME_NET any -> [190.107.19.179] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.107.19.179/; sid:900609274; rev:1;) alert tcp $HOME_NET any -> [122.118.131.132] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.118.131.132/; sid:900609275; rev:1;) alert tcp $HOME_NET any -> [222.169.71.98] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.169.71.98/; sid:900609276; rev:1;) alert tcp $HOME_NET any -> [185.62.57.182] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.57.182/; sid:900609277; rev:1;) alert tcp $HOME_NET any -> [185.250.148.136] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.250.148.136/; sid:900609278; rev:1;) alert tcp $HOME_NET any -> [158.69.98.105] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.69.98.105/; sid:900609279; rev:1;) alert tcp $HOME_NET any -> [86.97.247.161] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.247.161/; sid:900609280; rev:1;) alert tcp $HOME_NET any -> [86.97.247.161] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.247.161/; sid:900609281; rev:1;) alert tcp $HOME_NET any -> [146.70.124.77] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.124.77/; sid:900609282; rev:1;) alert tcp $HOME_NET any -> [187.208.115.219] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.208.115.219/; sid:900609283; rev:1;) alert tcp $HOME_NET any -> [177.156.75.107] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.156.75.107/; sid:900609284; rev:1;) alert tcp $HOME_NET any -> [187.250.202.2] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.250.202.2/; sid:900609285; rev:1;) alert tcp $HOME_NET any -> [69.63.64.48] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.63.64.48/; sid:900609286; rev:1;) alert tcp $HOME_NET any -> [201.73.143.120] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.73.143.120/; sid:900609287; rev:1;) alert tcp $HOME_NET any -> [154.56.0.252] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.252/; sid:900609288; rev:1;) alert tcp $HOME_NET any -> [104.168.219.94] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.219.94/; sid:900609289; rev:1;) alert tcp $HOME_NET any -> [45.153.241.187] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.241.187/; sid:900609290; rev:1;) alert tcp $HOME_NET any -> [183.87.16.11] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.87.16.11/; sid:900609291; rev:1;) alert tcp $HOME_NET any -> [31.215.69.187] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.69.187/; sid:900609292; rev:1;) alert tcp $HOME_NET any -> [31.215.214.175] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.214.175/; sid:900609293; rev:1;) alert tcp $HOME_NET any -> [146.19.173.186] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.186/; sid:900609294; rev:1;) alert tcp $HOME_NET any -> [145.239.28.110] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.28.110/; sid:900609295; rev:1;) alert tcp $HOME_NET any -> [45.84.0.13] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.84.0.13/; sid:900609296; rev:1;) alert tcp $HOME_NET any -> [39.44.83.200] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.83.200/; sid:900609297; rev:1;) alert tcp $HOME_NET any -> [78.189.136.231] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.136.231/; sid:900609298; rev:1;) alert tcp $HOME_NET any -> [197.89.21.195] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.21.195/; sid:900609299; rev:1;) alert tcp $HOME_NET any -> [54.37.136.187] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.136.187/; sid:900609300; rev:1;) alert tcp $HOME_NET any -> [206.189.40.42] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.189.40.42/; sid:900609301; rev:1;) alert tcp $HOME_NET any -> [135.148.6.80] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/135.148.6.80/; sid:900609302; rev:1;) alert tcp $HOME_NET any -> [139.162.113.169] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.113.169/; sid:900609303; rev:1;) alert tcp $HOME_NET any -> [146.70.124.90] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.124.90/; sid:900609304; rev:1;) alert tcp $HOME_NET any -> [185.62.58.209] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.58.209/; sid:900609305; rev:1;) alert tcp $HOME_NET any -> [154.56.0.100] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.100/; sid:900609306; rev:1;) alert tcp $HOME_NET any -> [46.101.234.246] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.234.246/; sid:900609307; rev:1;) alert tcp $HOME_NET any -> [77.72.149.48] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.72.149.48/; sid:900609308; rev:1;) alert tcp $HOME_NET any -> [192.236.192.164] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.192.164/; sid:900609309; rev:1;) alert tcp $HOME_NET any -> [154.56.0.102] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.102/; sid:900609310; rev:1;) alert tcp $HOME_NET any -> [154.56.0.248] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.248/; sid:900609311; rev:1;) alert tcp $HOME_NET any -> [83.110.91.151] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.91.151/; sid:900609312; rev:1;) alert tcp $HOME_NET any -> [45.153.241.234] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.241.234/; sid:900609313; rev:1;) alert tcp $HOME_NET any -> [146.19.173.105] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.105/; sid:900609314; rev:1;) alert tcp $HOME_NET any -> [142.11.216.143] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.216.143/; sid:900609315; rev:1;) alert tcp $HOME_NET any -> [51.210.158.156] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.210.158.156/; sid:900609316; rev:1;) alert tcp $HOME_NET any -> [146.70.125.122] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.125.122/; sid:900609317; rev:1;) alert tcp $HOME_NET any -> [45.138.172.246] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.138.172.246/; sid:900609319; rev:1;) alert tcp $HOME_NET any -> [146.19.173.233] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.233/; sid:900609320; rev:1;) alert tcp $HOME_NET any -> [145.239.30.73] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.30.73/; sid:900609321; rev:1;) alert tcp $HOME_NET any -> [213.226.100.95] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.226.100.95/; sid:900609322; rev:1;) alert tcp $HOME_NET any -> [85.239.33.172] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.239.33.172/; sid:900609323; rev:1;) alert tcp $HOME_NET any -> [213.232.235.90] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.232.235.90/; sid:900609324; rev:1;) alert tcp $HOME_NET any -> [37.221.67.104] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.221.67.104/; sid:900609325; rev:1;) alert tcp $HOME_NET any -> [146.70.124.116] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.124.116/; sid:900609326; rev:1;) alert tcp $HOME_NET any -> [185.62.56.181] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.56.181/; sid:900609327; rev:1;) alert tcp $HOME_NET any -> [45.147.229.199] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.147.229.199/; sid:900609328; rev:1;) alert tcp $HOME_NET any -> [77.200.155.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.200.155.99/; sid:900609329; rev:1;) alert tcp $HOME_NET any -> [98.50.191.202] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.50.191.202/; sid:900609330; rev:1;) alert tcp $HOME_NET any -> [146.19.173.46] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.46/; sid:900609331; rev:1;) alert tcp $HOME_NET any -> [188.119.112.143] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.119.112.143/; sid:900609332; rev:1;) alert tcp $HOME_NET any -> [108.62.118.221] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.62.118.221/; sid:900609333; rev:1;) alert tcp $HOME_NET any -> [23.82.141.11] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.82.141.11/; sid:900609334; rev:1;) alert tcp $HOME_NET any -> [172.93.181.233] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.93.181.233/; sid:900609335; rev:1;) alert tcp $HOME_NET any -> [194.104.136.155] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.104.136.155/; sid:900609336; rev:1;) alert tcp $HOME_NET any -> [154.56.0.108] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.108/; sid:900609337; rev:1;) alert tcp $HOME_NET any -> [90.120.209.197] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.120.209.197/; sid:900609338; rev:1;) alert tcp $HOME_NET any -> [94.59.252.166] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.252.166/; sid:900609339; rev:1;) alert tcp $HOME_NET any -> [87.109.229.215] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.109.229.215/; sid:900609340; rev:1;) alert tcp $HOME_NET any -> [148.0.46.240] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.0.46.240/; sid:900609341; rev:1;) alert tcp $HOME_NET any -> [100.38.242.113] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.38.242.113/; sid:900609342; rev:1;) alert tcp $HOME_NET any -> [177.45.64.254] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.45.64.254/; sid:900609343; rev:1;) alert tcp $HOME_NET any -> [92.137.225.8] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.137.225.8/; sid:900609344; rev:1;) alert tcp $HOME_NET any -> [70.51.132.161] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.132.161/; sid:900609345; rev:1;) alert tcp $HOME_NET any -> [45.153.241.120] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.241.120/; sid:900609346; rev:1;) alert tcp $HOME_NET any -> [146.19.173.191] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.191/; sid:900609347; rev:1;) alert tcp $HOME_NET any -> [146.70.125.121] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.125.121/; sid:900609348; rev:1;) alert tcp $HOME_NET any -> [185.62.57.25] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.57.25/; sid:900609349; rev:1;) alert tcp $HOME_NET any -> [94.103.188.112] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.103.188.112/; sid:900609350; rev:1;) alert tcp $HOME_NET any -> [194.104.136.152] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.104.136.152/; sid:900609351; rev:1;) alert tcp $HOME_NET any -> [154.56.0.111] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.111/; sid:900609352; rev:1;) alert tcp $HOME_NET any -> [51.83.254.3] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.254.3/; sid:900609353; rev:1;) alert tcp $HOME_NET any -> [104.168.174.159] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.174.159/; sid:900609354; rev:1;) alert tcp $HOME_NET any -> [68.204.15.28] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.204.15.28/; sid:900609355; rev:1;) alert tcp $HOME_NET any -> [81.193.30.90] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.193.30.90/; sid:900609356; rev:1;) alert tcp $HOME_NET any -> [1.161.124.241] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.124.241/; sid:900609357; rev:1;) alert tcp $HOME_NET any -> [86.98.157.42] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.157.42/; sid:900609358; rev:1;) alert tcp $HOME_NET any -> [176.205.21.139] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.205.21.139/; sid:900609359; rev:1;) alert tcp $HOME_NET any -> [176.205.21.139] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.205.21.139/; sid:900609360; rev:1;) alert tcp $HOME_NET any -> [88.251.195.142] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.251.195.142/; sid:900609361; rev:1;) alert tcp $HOME_NET any -> [45.241.205.91] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.205.91/; sid:900609362; rev:1;) alert tcp $HOME_NET any -> [1.161.124.241] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.124.241/; sid:900609363; rev:1;) alert tcp $HOME_NET any -> [37.221.67.122] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.221.67.122/; sid:900609364; rev:1;) alert tcp $HOME_NET any -> [162.252.222.118] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.252.222.118/; sid:900609365; rev:1;) alert tcp $HOME_NET any -> [39.57.60.246] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.57.60.246/; sid:900609366; rev:1;) alert tcp $HOME_NET any -> [197.89.128.138] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.128.138/; sid:900609367; rev:1;) alert tcp $HOME_NET any -> [176.45.232.204] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.45.232.204/; sid:900609368; rev:1;) alert tcp $HOME_NET any -> [51.83.255.232] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.255.232/; sid:900609369; rev:1;) alert tcp $HOME_NET any -> [146.70.124.79] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.124.79/; sid:900609370; rev:1;) alert tcp $HOME_NET any -> [185.62.58.60] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.58.60/; sid:900609371; rev:1;) alert tcp $HOME_NET any -> [194.33.40.208] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.33.40.208/; sid:900609372; rev:1;) alert tcp $HOME_NET any -> [192.119.72.160] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.72.160/; sid:900609373; rev:1;) alert tcp $HOME_NET any -> [184.97.29.26] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.97.29.26/; sid:900609374; rev:1;) alert tcp $HOME_NET any -> [185.62.56.129] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.56.129/; sid:900609375; rev:1;) alert tcp $HOME_NET any -> [152.89.247.79] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.89.247.79/; sid:900609376; rev:1;) alert tcp $HOME_NET any -> [23.29.115.172] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.29.115.172/; sid:900609377; rev:1;) alert tcp $HOME_NET any -> [78.176.146.141] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.176.146.141/; sid:900609378; rev:1;) alert tcp $HOME_NET any -> [45.241.231.78] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.231.78/; sid:900609379; rev:1;) alert tcp $HOME_NET any -> [217.165.85.191] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.85.191/; sid:900609380; rev:1;) alert tcp $HOME_NET any -> [31.215.184.140] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.184.140/; sid:900609381; rev:1;) alert tcp $HOME_NET any -> [88.234.116.71] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.234.116.71/; sid:900609382; rev:1;) alert tcp $HOME_NET any -> [39.49.85.29] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.85.29/; sid:900609383; rev:1;) alert tcp $HOME_NET any -> [191.112.28.64] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.112.28.64/; sid:900609384; rev:1;) alert tcp $HOME_NET any -> [47.156.129.52] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.156.129.52/; sid:900609385; rev:1;) alert tcp $HOME_NET any -> [54.38.136.111] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.136.111/; sid:900609386; rev:1;) alert tcp $HOME_NET any -> [192.119.77.241] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.77.241/; sid:900609387; rev:1;) alert tcp $HOME_NET any -> [146.70.124.97] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.124.97/; sid:900609388; rev:1;) alert tcp $HOME_NET any -> [51.83.253.131] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.253.131/; sid:900609389; rev:1;) alert tcp $HOME_NET any -> [104.168.201.219] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.201.219/; sid:900609390; rev:1;) alert tcp $HOME_NET any -> [146.19.173.207] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.207/; sid:900609391; rev:1;) alert tcp $HOME_NET any -> [39.44.30.209] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.30.209/; sid:900609392; rev:1;) alert tcp $HOME_NET any -> [88.241.122.55] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.241.122.55/; sid:900609393; rev:1;) alert tcp $HOME_NET any -> [94.59.15.180] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.15.180/; sid:900609394; rev:1;) alert tcp $HOME_NET any -> [39.49.71.64] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.71.64/; sid:900609395; rev:1;) alert tcp $HOME_NET any -> [189.159.125.57] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.159.125.57/; sid:900609396; rev:1;) alert tcp $HOME_NET any -> [217.164.121.25] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.164.121.25/; sid:900609397; rev:1;) alert tcp $HOME_NET any -> [152.89.247.212] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.89.247.212/; sid:900609398; rev:1;) alert tcp $HOME_NET any -> [172.93.181.93] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.93.181.93/; sid:900609399; rev:1;) alert tcp $HOME_NET any -> [185.62.58.155] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.58.155/; sid:900609400; rev:1;) alert tcp $HOME_NET any -> [209.141.58.141] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.58.141/; sid:900609401; rev:1;) alert tcp $HOME_NET any -> [193.233.203.156] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.233.203.156/; sid:900609402; rev:1;) alert tcp $HOME_NET any -> [145.239.135.155] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.135.155/; sid:900609403; rev:1;) alert tcp $HOME_NET any -> [146.70.125.82] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.125.82/; sid:900609404; rev:1;) alert tcp $HOME_NET any -> [187.172.164.12] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.172.164.12/; sid:900609405; rev:1;) alert tcp $HOME_NET any -> [86.200.151.188] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.200.151.188/; sid:900609406; rev:1;) alert tcp $HOME_NET any -> [86.97.10.91] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.10.91/; sid:900609407; rev:1;) alert tcp $HOME_NET any -> [129.208.158.180] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.158.180/; sid:900609408; rev:1;) alert tcp $HOME_NET any -> [81.132.186.218] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.132.186.218/; sid:900609409; rev:1;) alert tcp $HOME_NET any -> [54.37.131.14] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.131.14/; sid:900609410; rev:1;) alert tcp $HOME_NET any -> [192.119.77.100] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.77.100/; sid:900609411; rev:1;) alert tcp $HOME_NET any -> [146.19.253.56] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.253.56/; sid:900609412; rev:1;) alert tcp $HOME_NET any -> [146.70.106.52] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.106.52/; sid:900609413; rev:1;) alert tcp $HOME_NET any -> [185.62.58.175] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.58.175/; sid:900609414; rev:1;) alert tcp $HOME_NET any -> [154.56.0.112] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.112/; sid:900609415; rev:1;) alert tcp $HOME_NET any -> [1.161.81.21] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.81.21/; sid:900609416; rev:1;) alert tcp $HOME_NET any -> [1.161.81.21] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.81.21/; sid:900609417; rev:1;) alert tcp $HOME_NET any -> [45.241.173.232] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.173.232/; sid:900609418; rev:1;) alert tcp $HOME_NET any -> [81.214.215.234] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.214.215.234/; sid:900609419; rev:1;) alert tcp $HOME_NET any -> [70.51.133.230] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.133.230/; sid:900609420; rev:1;) alert tcp $HOME_NET any -> [177.45.18.42] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.45.18.42/; sid:900609421; rev:1;) alert tcp $HOME_NET any -> [45.153.241.64] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.241.64/; sid:900609422; rev:1;) alert tcp $HOME_NET any -> [209.141.49.203] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.49.203/; sid:900609423; rev:1;) alert tcp $HOME_NET any -> [217.165.84.103] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.84.103/; sid:900609424; rev:1;) alert tcp $HOME_NET any -> [108.62.118.145] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.62.118.145/; sid:900609425; rev:1;) alert tcp $HOME_NET any -> [172.93.193.187] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.93.193.187/; sid:900609426; rev:1;) alert tcp $HOME_NET any -> [31.215.185.136] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.185.136/; sid:900609427; rev:1;) alert tcp $HOME_NET any -> [129.208.0.52] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.0.52/; sid:900609428; rev:1;) alert tcp $HOME_NET any -> [31.215.98.8] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.98.8/; sid:900609429; rev:1;) alert tcp $HOME_NET any -> [201.172.20.167] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.172.20.167/; sid:900609430; rev:1;) alert tcp $HOME_NET any -> [45.153.241.19] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.241.19/; sid:900609431; rev:1;) alert tcp $HOME_NET any -> [185.62.57.166] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.57.166/; sid:900609432; rev:1;) alert tcp $HOME_NET any -> [194.135.33.120] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.135.33.120/; sid:900609433; rev:1;) alert tcp $HOME_NET any -> [146.70.125.120] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.125.120/; sid:900609434; rev:1;) alert tcp $HOME_NET any -> [23.82.140.155] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.82.140.155/; sid:900609435; rev:1;) alert tcp $HOME_NET any -> [54.38.136.209] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.136.209/; sid:900609436; rev:1;) alert tcp $HOME_NET any -> [39.44.151.234] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.151.234/; sid:900609437; rev:1;) alert tcp $HOME_NET any -> [146.19.173.155] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.155/; sid:900609438; rev:1;) alert tcp $HOME_NET any -> [54.38.138.94] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.138.94/; sid:900609439; rev:1;) alert tcp $HOME_NET any -> [209.141.46.50] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.46.50/; sid:900609440; rev:1;) alert tcp $HOME_NET any -> [23.19.58.212] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.19.58.212/; sid:900609441; rev:1;) alert tcp $HOME_NET any -> [45.153.242.100] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.242.100/; sid:900609442; rev:1;) alert tcp $HOME_NET any -> [146.19.173.184] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.184/; sid:900609443; rev:1;) alert tcp $HOME_NET any -> [172.93.193.188] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.93.193.188/; sid:900609444; rev:1;) alert tcp $HOME_NET any -> [209.141.51.187] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.51.187/; sid:900609445; rev:1;) alert tcp $HOME_NET any -> [154.56.0.113] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.113/; sid:900609446; rev:1;) alert tcp $HOME_NET any -> [217.165.157.202] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.157.202/; sid:900609447; rev:1;) alert tcp $HOME_NET any -> [37.186.58.99] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.186.58.99/; sid:900609448; rev:1;) alert tcp $HOME_NET any -> [213.239.212.5] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.239.212.5/; sid:900609449; rev:1;) alert tcp $HOME_NET any -> [188.165.79.151] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.79.151/; sid:900609450; rev:1;) alert tcp $HOME_NET any -> [159.8.59.84] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.8.59.84/; sid:900609451; rev:1;) alert tcp $HOME_NET any -> [45.93.136.110] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.93.136.110/; sid:900609452; rev:1;) alert tcp $HOME_NET any -> [212.98.224.97] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.98.224.97/; sid:900609453; rev:1;) alert tcp $HOME_NET any -> [45.55.191.130] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.191.130/; sid:900609454; rev:1;) alert tcp $HOME_NET any -> [174.138.33.49] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.138.33.49/; sid:900609455; rev:1;) alert tcp $HOME_NET any -> [5.253.30.17] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.253.30.17/; sid:900609456; rev:1;) alert tcp $HOME_NET any -> [34.80.191.247] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/34.80.191.247/; sid:900609457; rev:1;) alert tcp $HOME_NET any -> [104.168.155.143] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.155.143/; sid:900609458; rev:1;) alert tcp $HOME_NET any -> [104.248.155.133] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.248.155.133/; sid:900609459; rev:1;) alert tcp $HOME_NET any -> [131.100.24.199] 4143 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.199/; sid:900609460; rev:1;) alert tcp $HOME_NET any -> [128.199.93.156] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.93.156/; sid:900609461; rev:1;) alert tcp $HOME_NET any -> [201.73.143.120] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.73.143.120/; sid:900609462; rev:1;) alert tcp $HOME_NET any -> [96.125.171.165] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.125.171.165/; sid:900609463; rev:1;) alert tcp $HOME_NET any -> [51.210.176.76] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.210.176.76/; sid:900609464; rev:1;) alert tcp $HOME_NET any -> [103.159.224.46] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.159.224.46/; sid:900609465; rev:1;) alert tcp $HOME_NET any -> [178.128.23.9] 8081 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.23.9/; sid:900609467; rev:1;) alert tcp $HOME_NET any -> [217.165.146.249] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.146.249/; sid:900609468; rev:1;) alert tcp $HOME_NET any -> [187.211.79.230] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.211.79.230/; sid:900609469; rev:1;) alert tcp $HOME_NET any -> [86.97.209.157] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.209.157/; sid:900609470; rev:1;) alert tcp $HOME_NET any -> [178.128.31.80] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.31.80/; sid:900609471; rev:1;) alert tcp $HOME_NET any -> [178.128.82.218] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.82.218/; sid:900609472; rev:1;) alert tcp $HOME_NET any -> [128.199.225.17] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.225.17/; sid:900609473; rev:1;) alert tcp $HOME_NET any -> [161.97.68.105] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.97.68.105/; sid:900609474; rev:1;) alert tcp $HOME_NET any -> [146.59.151.250] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.59.151.250/; sid:900609475; rev:1;) alert tcp $HOME_NET any -> [142.11.212.144] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.212.144/; sid:900609476; rev:1;) alert tcp $HOME_NET any -> [154.56.0.114] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.114/; sid:900609477; rev:1;) alert tcp $HOME_NET any -> [185.62.58.207] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.58.207/; sid:900609478; rev:1;) alert tcp $HOME_NET any -> [1.161.72.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.72.70/; sid:900609479; rev:1;) alert tcp $HOME_NET any -> [1.161.72.70] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.72.70/; sid:900609480; rev:1;) alert tcp $HOME_NET any -> [146.19.173.24] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.24/; sid:900609481; rev:1;) alert tcp $HOME_NET any -> [64.190.113.5] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.190.113.5/; sid:900609482; rev:1;) alert tcp $HOME_NET any -> [146.70.125.102] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.125.102/; sid:900609483; rev:1;) alert tcp $HOME_NET any -> [185.62.56.137] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.56.137/; sid:900609484; rev:1;) alert tcp $HOME_NET any -> [198.98.55.160] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.55.160/; sid:900609485; rev:1;) alert tcp $HOME_NET any -> [103.175.16.5] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.5/; sid:900609486; rev:1;) alert tcp $HOME_NET any -> [142.186.49.224] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.186.49.224/; sid:900609487; rev:1;) alert tcp $HOME_NET any -> [144.91.92.120] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.92.120/; sid:900609488; rev:1;) alert tcp $HOME_NET any -> [164.90.222.65] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.222.65/; sid:900609489; rev:1;) alert tcp $HOME_NET any -> [144.202.108.116] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.108.116/; sid:900609490; rev:1;) alert tcp $HOME_NET any -> [45.153.242.61] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.242.61/; sid:900609491; rev:1;) alert tcp $HOME_NET any -> [185.62.57.202] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.57.202/; sid:900609492; rev:1;) alert tcp $HOME_NET any -> [205.185.122.143] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.185.122.143/; sid:900609493; rev:1;) alert tcp $HOME_NET any -> [209.141.41.46] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.41.46/; sid:900609494; rev:1;) alert tcp $HOME_NET any -> [45.153.242.183] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.242.183/; sid:900609495; rev:1;) alert tcp $HOME_NET any -> [154.56.0.115] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.115/; sid:900609496; rev:1;) alert tcp $HOME_NET any -> [104.168.144.212] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.144.212/; sid:900609497; rev:1;) alert tcp $HOME_NET any -> [203.217.140.239] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.217.140.239/; sid:900609498; rev:1;) alert tcp $HOME_NET any -> [34.80.191.247] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/34.80.191.247/; sid:900609499; rev:1;) alert tcp $HOME_NET any -> [185.2.103.3] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.2.103.3/; sid:900609500; rev:1;) alert tcp $HOME_NET any -> [138.197.64.211] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.64.211/; sid:900609501; rev:1;) alert tcp $HOME_NET any -> [1.234.21.73] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.234.21.73/; sid:900609502; rev:1;) alert tcp $HOME_NET any -> [104.168.200.192] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.200.192/; sid:900609503; rev:1;) alert tcp $HOME_NET any -> [146.70.106.76] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.106.76/; sid:900609504; rev:1;) alert tcp $HOME_NET any -> [51.68.146.186] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.146.186/; sid:900609505; rev:1;) alert tcp $HOME_NET any -> [54.37.70.105] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.70.105/; sid:900609506; rev:1;) alert tcp $HOME_NET any -> [164.68.102.31] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.102.31/; sid:900609507; rev:1;) alert tcp $HOME_NET any -> [178.128.31.80] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.31.80/; sid:900609508; rev:1;) alert tcp $HOME_NET any -> [165.22.211.113] 8081 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.22.211.113/; sid:900609509; rev:1;) alert tcp $HOME_NET any -> [45.55.44.204] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.44.204/; sid:900609510; rev:1;) alert tcp $HOME_NET any -> [106.51.48.188] 50001 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.51.48.188/; sid:900609511; rev:1;) alert tcp $HOME_NET any -> [144.91.80.228] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.80.228/; sid:900609512; rev:1;) alert tcp $HOME_NET any -> [142.11.245.185] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.245.185/; sid:900609513; rev:1;) alert tcp $HOME_NET any -> [205.185.123.137] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.185.123.137/; sid:900609514; rev:1;) alert tcp $HOME_NET any -> [146.19.173.31] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.31/; sid:900609515; rev:1;) alert tcp $HOME_NET any -> [209.141.49.72] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.49.72/; sid:900609516; rev:1;) alert tcp $HOME_NET any -> [103.175.16.116] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.116/; sid:900609518; rev:1;) alert tcp $HOME_NET any -> [185.62.57.94] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.57.94/; sid:900609519; rev:1;) alert tcp $HOME_NET any -> [146.70.86.47] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.86.47/; sid:900609520; rev:1;) alert tcp $HOME_NET any -> [51.68.144.13] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.144.13/; sid:900609521; rev:1;) alert tcp $HOME_NET any -> [89.211.209.234] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.209.234/; sid:900609522; rev:1;) alert tcp $HOME_NET any -> [24.158.23.166] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.158.23.166/; sid:900609523; rev:1;) alert tcp $HOME_NET any -> [37.208.132.76] 50010 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.208.132.76/; sid:900609524; rev:1;) alert tcp $HOME_NET any -> [70.51.137.244] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.137.244/; sid:900609525; rev:1;) alert tcp $HOME_NET any -> [54.37.136.187] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.136.187/; sid:900609526; rev:1;) alert tcp $HOME_NET any -> [45.11.19.70] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.11.19.70/; sid:900609527; rev:1;) alert tcp $HOME_NET any -> [45.153.243.111] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.243.111/; sid:900609528; rev:1;) alert tcp $HOME_NET any -> [146.19.173.120] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.120/; sid:900609529; rev:1;) alert tcp $HOME_NET any -> [146.19.173.33] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.33/; sid:900609530; rev:1;) alert tcp $HOME_NET any -> [45.61.184.227] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.61.184.227/; sid:900609531; rev:1;) alert tcp $HOME_NET any -> [104.168.243.123] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.243.123/; sid:900609532; rev:1;) alert tcp $HOME_NET any -> [51.68.145.174] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.145.174/; sid:900609533; rev:1;) alert tcp $HOME_NET any -> [209.141.57.151] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.57.151/; sid:900609534; rev:1;) alert tcp $HOME_NET any -> [209.141.35.21] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.35.21/; sid:900609535; rev:1;) alert tcp $HOME_NET any -> [92.132.132.81] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.132.132.81/; sid:900609536; rev:1;) alert tcp $HOME_NET any -> [177.94.65.26] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.94.65.26/; sid:900609537; rev:1;) alert tcp $HOME_NET any -> [176.45.218.138] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.45.218.138/; sid:900609538; rev:1;) alert tcp $HOME_NET any -> [174.80.15.101] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.80.15.101/; sid:900609539; rev:1;) alert tcp $HOME_NET any -> [146.70.53.142] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.53.142/; sid:900609540; rev:1;) alert tcp $HOME_NET any -> [201.172.23.72] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.172.23.72/; sid:900609541; rev:1;) alert tcp $HOME_NET any -> [177.189.180.214] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.189.180.214/; sid:900609542; rev:1;) alert tcp $HOME_NET any -> [1.161.79.116] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.79.116/; sid:900609543; rev:1;) alert tcp $HOME_NET any -> [86.98.157.114] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.157.114/; sid:900609544; rev:1;) alert tcp $HOME_NET any -> [86.97.10.37] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.10.37/; sid:900609545; rev:1;) alert tcp $HOME_NET any -> [1.161.79.116] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.79.116/; sid:900609546; rev:1;) alert tcp $HOME_NET any -> [81.158.239.251] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.158.239.251/; sid:900609547; rev:1;) alert tcp $HOME_NET any -> [179.111.8.52] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.111.8.52/; sid:900609548; rev:1;) alert tcp $HOME_NET any -> [187.116.126.216] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.116.126.216/; sid:900609549; rev:1;) alert tcp $HOME_NET any -> [24.54.48.11] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.54.48.11/; sid:900609550; rev:1;) alert tcp $HOME_NET any -> [86.98.78.118] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.78.118/; sid:900609551; rev:1;) alert tcp $HOME_NET any -> [1.161.118.53] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.118.53/; sid:900609552; rev:1;) alert tcp $HOME_NET any -> [39.52.55.99] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.52.55.99/; sid:900609553; rev:1;) alert tcp $HOME_NET any -> [31.215.185.213] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.215.185.213/; sid:900609554; rev:1;) alert tcp $HOME_NET any -> [39.44.116.107] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.116.107/; sid:900609555; rev:1;) alert tcp $HOME_NET any -> [85.6.232.221] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.6.232.221/; sid:900609556; rev:1;) alert tcp $HOME_NET any -> [39.57.56.11] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.57.56.11/; sid:900609557; rev:1;) alert tcp $HOME_NET any -> [1.161.118.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.161.118.53/; sid:900609558; rev:1;) alert tcp $HOME_NET any -> [39.52.44.132] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.52.44.132/; sid:900609559; rev:1;) alert tcp $HOME_NET any -> [197.92.136.122] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.92.136.122/; sid:900609561; rev:1;) alert tcp $HOME_NET any -> [88.240.59.52] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.240.59.52/; sid:900609562; rev:1;) alert tcp $HOME_NET any -> [86.213.75.30] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.213.75.30/; sid:900609563; rev:1;) alert tcp $HOME_NET any -> [98.50.153.207] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.50.153.207/; sid:900609565; rev:1;) alert tcp $HOME_NET any -> [198.98.59.39] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.59.39/; sid:900609566; rev:1;) alert tcp $HOME_NET any -> [23.81.246.171] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.81.246.171/; sid:900609572; rev:1;) alert tcp $HOME_NET any -> [51.77.41.66] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.41.66/; sid:900609574; rev:1;) alert tcp $HOME_NET any -> [146.70.124.117] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.124.117/; sid:900609575; rev:1;) alert tcp $HOME_NET any -> [108.174.194.151] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.174.194.151/; sid:900609576; rev:1;) alert tcp $HOME_NET any -> [51.68.157.245] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.157.245/; sid:900609577; rev:1;) alert tcp $HOME_NET any -> [142.11.210.50] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.210.50/; sid:900609578; rev:1;) alert tcp $HOME_NET any -> [104.168.203.190] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.203.190/; sid:900609579; rev:1;) alert tcp $HOME_NET any -> [194.15.216.113] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.15.216.113/; sid:900609580; rev:1;) alert tcp $HOME_NET any -> [154.56.0.110] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.110/; sid:900609581; rev:1;) alert tcp $HOME_NET any -> [64.44.98.157] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.98.157/; sid:900609582; rev:1;) alert tcp $HOME_NET any -> [149.3.170.213] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.3.170.213/; sid:900609585; rev:1;) alert tcp $HOME_NET any -> [205.185.114.107] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.185.114.107/; sid:900609586; rev:1;) alert tcp $HOME_NET any -> [209.141.54.211] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.54.211/; sid:900609587; rev:1;) alert tcp $HOME_NET any -> [103.175.16.25] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.25/; sid:900609588; rev:1;) alert tcp $HOME_NET any -> [103.175.16.58] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.58/; sid:900609589; rev:1;) alert tcp $HOME_NET any -> [209.141.46.65] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.46.65/; sid:900609590; rev:1;) alert tcp $HOME_NET any -> [152.89.247.241] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.89.247.241/; sid:900609591; rev:1;) alert tcp $HOME_NET any -> [149.3.170.196] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.3.170.196/; sid:900609592; rev:1;) alert tcp $HOME_NET any -> [45.147.229.47] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.147.229.47/; sid:900609593; rev:1;) alert tcp $HOME_NET any -> [199.195.249.74] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.195.249.74/; sid:900609594; rev:1;) alert tcp $HOME_NET any -> [198.98.59.64] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.59.64/; sid:900609595; rev:1;) alert tcp $HOME_NET any -> [205.185.115.138] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.185.115.138/; sid:900609596; rev:1;) alert tcp $HOME_NET any -> [51.68.147.63] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.147.63/; sid:900609598; rev:1;) alert tcp $HOME_NET any -> [198.98.52.246] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.52.246/; sid:900609599; rev:1;) alert tcp $HOME_NET any -> [205.185.116.99] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.185.116.99/; sid:900609600; rev:1;) alert tcp $HOME_NET any -> [107.189.5.45] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.189.5.45/; sid:900609601; rev:1;) alert tcp $HOME_NET any -> [104.168.204.115] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.204.115/; sid:900609602; rev:1;) alert tcp $HOME_NET any -> [185.17.40.189] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.17.40.189/; sid:900609603; rev:1;) alert tcp $HOME_NET any -> [45.147.230.179] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.147.230.179/; sid:900609604; rev:1;) alert tcp $HOME_NET any -> [64.44.98.213] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.98.213/; sid:900609605; rev:1;) alert tcp $HOME_NET any -> [51.68.145.40] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.145.40/; sid:900609606; rev:1;) alert tcp $HOME_NET any -> [142.11.234.228] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.234.228/; sid:900609607; rev:1;) alert tcp $HOME_NET any -> [146.19.173.137] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.137/; sid:900609610; rev:1;) alert tcp $HOME_NET any -> [104.244.72.215] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.244.72.215/; sid:900609611; rev:1;) alert tcp $HOME_NET any -> [142.11.234.230] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.234.230/; sid:900609612; rev:1;) alert tcp $HOME_NET any -> [205.185.121.162] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.185.121.162/; sid:900609613; rev:1;) alert tcp $HOME_NET any -> [51.83.249.204] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.249.204/; sid:900609614; rev:1;) alert tcp $HOME_NET any -> [146.70.106.163] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.106.163/; sid:900609615; rev:1;) alert tcp $HOME_NET any -> [64.44.102.36] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.102.36/; sid:900609616; rev:1;) alert tcp $HOME_NET any -> [104.168.162.242] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.162.242/; sid:900609617; rev:1;) alert tcp $HOME_NET any -> [146.19.173.173] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.173/; sid:900609618; rev:1;) alert tcp $HOME_NET any -> [45.147.230.233] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.147.230.233/; sid:900609619; rev:1;) alert tcp $HOME_NET any -> [198.98.52.145] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.52.145/; sid:900609620; rev:1;) alert tcp $HOME_NET any -> [103.175.16.10] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.10/; sid:900609621; rev:1;) alert tcp $HOME_NET any -> [103.175.16.60] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.60/; sid:900609622; rev:1;) alert tcp $HOME_NET any -> [145.239.30.219] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.30.219/; sid:900609623; rev:1;) alert tcp $HOME_NET any -> [23.254.204.109] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.254.204.109/; sid:900609624; rev:1;) alert tcp $HOME_NET any -> [104.168.136.137] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.136.137/; sid:900609625; rev:1;) alert tcp $HOME_NET any -> [198.98.49.201] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.49.201/; sid:900609626; rev:1;) alert tcp $HOME_NET any -> [23.106.124.154] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.106.124.154/; sid:900609627; rev:1;) alert tcp $HOME_NET any -> [146.70.125.93] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.125.93/; sid:900609628; rev:1;) alert tcp $HOME_NET any -> [107.189.1.156] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.189.1.156/; sid:900609629; rev:1;) alert tcp $HOME_NET any -> [205.185.121.173] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.185.121.173/; sid:900609631; rev:1;) alert tcp $HOME_NET any -> [192.236.155.47] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.155.47/; sid:900609632; rev:1;) alert tcp $HOME_NET any -> [81.131.161.131] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.131.161.131/; sid:900609633; rev:1;) alert tcp $HOME_NET any -> [99.232.140.205] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.232.140.205/; sid:900609634; rev:1;) alert tcp $HOME_NET any -> [217.165.68.122] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.68.122/; sid:900609635; rev:1;) alert tcp $HOME_NET any -> [193.3.19.37] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.3.19.37/; sid:900609636; rev:1;) alert tcp $HOME_NET any -> [197.94.210.133] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.94.210.133/; sid:900609637; rev:1;) alert tcp $HOME_NET any -> [217.165.77.134] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.77.134/; sid:900609638; rev:1;) alert tcp $HOME_NET any -> [217.165.77.134] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.77.134/; sid:900609639; rev:1;) alert tcp $HOME_NET any -> [179.158.103.236] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.158.103.236/; sid:900609640; rev:1;) alert tcp $HOME_NET any -> [173.189.167.21] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.189.167.21/; sid:900609641; rev:1;) alert tcp $HOME_NET any -> [37.210.148.30] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.148.30/; sid:900609642; rev:1;) alert tcp $HOME_NET any -> [70.51.153.182] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.153.182/; sid:900609643; rev:1;) alert tcp $HOME_NET any -> [86.213.191.206] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.213.191.206/; sid:900609644; rev:1;) alert tcp $HOME_NET any -> [200.161.62.126] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.161.62.126/; sid:900609645; rev:1;) alert tcp $HOME_NET any -> [89.211.218.88] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.218.88/; sid:900609646; rev:1;) alert tcp $HOME_NET any -> [85.99.62.74] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.99.62.74/; sid:900609647; rev:1;) alert tcp $HOME_NET any -> [177.102.84.28] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.102.84.28/; sid:900609648; rev:1;) alert tcp $HOME_NET any -> [123.240.131.1] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.240.131.1/; sid:900609649; rev:1;) alert tcp $HOME_NET any -> [87.220.229.164] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.220.229.164/; sid:900609650; rev:1;) alert tcp $HOME_NET any -> [191.97.234.238] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.97.234.238/; sid:900609651; rev:1;) alert tcp $HOME_NET any -> [121.7.223.38] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.7.223.38/; sid:900609652; rev:1;) alert tcp $HOME_NET any -> [139.195.63.45] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.195.63.45/; sid:900609653; rev:1;) alert tcp $HOME_NET any -> [84.238.253.171] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.238.253.171/; sid:900609654; rev:1;) alert tcp $HOME_NET any -> [81.214.220.237] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.214.220.237/; sid:900609655; rev:1;) alert tcp $HOME_NET any -> [42.118.158.96] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.118.158.96/; sid:900609656; rev:1;) alert tcp $HOME_NET any -> [27.73.215.46] 32102 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.73.215.46/; sid:900609657; rev:1;) alert tcp $HOME_NET any -> [146.70.143.183] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.143.183/; sid:900609658; rev:1;) alert tcp $HOME_NET any -> [64.207.215.69] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.207.215.69/; sid:900609659; rev:1;) alert tcp $HOME_NET any -> [41.97.64.224] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.97.64.224/; sid:900609660; rev:1;) alert tcp $HOME_NET any -> [89.211.219.157] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.219.157/; sid:900609661; rev:1;) alert tcp $HOME_NET any -> [70.51.137.118] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.137.118/; sid:900609662; rev:1;) alert tcp $HOME_NET any -> [196.92.172.24] 8443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.92.172.24/; sid:900609663; rev:1;) alert tcp $HOME_NET any -> [179.111.111.88] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.111.111.88/; sid:900609664; rev:1;) alert tcp $HOME_NET any -> [84.38.133.191] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.38.133.191/; sid:900609665; rev:1;) alert tcp $HOME_NET any -> [175.110.231.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.110.231.67/; sid:900609666; rev:1;) alert tcp $HOME_NET any -> [186.50.245.74] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.50.245.74/; sid:900609667; rev:1;) alert tcp $HOME_NET any -> [47.146.182.110] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.146.182.110/; sid:900609668; rev:1;) alert tcp $HOME_NET any -> [100.1.5.250] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.1.5.250/; sid:900609669; rev:1;) alert tcp $HOME_NET any -> [209.141.42.230] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.42.230/; sid:900609670; rev:1;) alert tcp $HOME_NET any -> [78.182.113.80] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.182.113.80/; sid:900609671; rev:1;) alert tcp $HOME_NET any -> [194.49.79.231] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.49.79.231/; sid:900609672; rev:1;) alert tcp $HOME_NET any -> [146.59.116.49] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.59.116.49/; sid:900609673; rev:1;) alert tcp $HOME_NET any -> [192.236.155.219] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.155.219/; sid:900609674; rev:1;) alert tcp $HOME_NET any -> [142.11.211.32] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.211.32/; sid:900609675; rev:1;) alert tcp $HOME_NET any -> [86.98.156.176] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.156.176/; sid:900609676; rev:1;) alert tcp $HOME_NET any -> [78.100.254.17] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.254.17/; sid:900609677; rev:1;) alert tcp $HOME_NET any -> [191.84.204.214] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.84.204.214/; sid:900609678; rev:1;) alert tcp $HOME_NET any -> [70.51.132.197] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.132.197/; sid:900609679; rev:1;) alert tcp $HOME_NET any -> [205.185.123.115] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.185.123.115/; sid:900609680; rev:1;) alert tcp $HOME_NET any -> [95.136.41.50] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.136.41.50/; sid:900609681; rev:1;) alert tcp $HOME_NET any -> [109.158.159.179] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.158.159.179/; sid:900609682; rev:1;) alert tcp $HOME_NET any -> [190.44.40.48] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.44.40.48/; sid:900609683; rev:1;) alert tcp $HOME_NET any -> [99.253.251.74] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.253.251.74/; sid:900609684; rev:1;) alert tcp $HOME_NET any -> [134.35.10.122] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.35.10.122/; sid:900609685; rev:1;) alert tcp $HOME_NET any -> [154.181.203.230] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.181.203.230/; sid:900609686; rev:1;) alert tcp $HOME_NET any -> [78.100.225.34] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.225.34/; sid:900609687; rev:1;) alert tcp $HOME_NET any -> [217.165.85.223] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.85.223/; sid:900609688; rev:1;) alert tcp $HOME_NET any -> [91.116.160.252] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.116.160.252/; sid:900609689; rev:1;) alert tcp $HOME_NET any -> [146.19.253.102] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.253.102/; sid:900609690; rev:1;) alert tcp $HOME_NET any -> [70.81.121.237] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.81.121.237/; sid:900609691; rev:1;) alert tcp $HOME_NET any -> [194.166.207.160] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.166.207.160/; sid:900609692; rev:1;) alert tcp $HOME_NET any -> [198.98.48.141] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.48.141/; sid:900609693; rev:1;) alert tcp $HOME_NET any -> [146.19.173.61] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.61/; sid:900609694; rev:1;) alert tcp $HOME_NET any -> [45.61.185.65] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.61.185.65/; sid:900609695; rev:1;) alert tcp $HOME_NET any -> [198.98.55.214] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.55.214/; sid:900609696; rev:1;) alert tcp $HOME_NET any -> [41.96.56.224] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.96.56.224/; sid:900609697; rev:1;) alert tcp $HOME_NET any -> [72.88.245.71] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.88.245.71/; sid:900609698; rev:1;) alert tcp $HOME_NET any -> [66.181.164.43] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.181.164.43/; sid:900609699; rev:1;) alert tcp $HOME_NET any -> [146.59.116.54] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.59.116.54/; sid:900609700; rev:1;) alert tcp $HOME_NET any -> [154.56.0.101] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.101/; sid:900609701; rev:1;) alert tcp $HOME_NET any -> [119.82.111.158] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.82.111.158/; sid:900609702; rev:1;) alert tcp $HOME_NET any -> [45.153.241.209] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.241.209/; sid:900609704; rev:1;) alert tcp $HOME_NET any -> [209.141.57.29] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.57.29/; sid:900609705; rev:1;) alert tcp $HOME_NET any -> [103.144.139.139] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.139.139/; sid:900609706; rev:1;) alert tcp $HOME_NET any -> [107.189.1.123] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.189.1.123/; sid:900609707; rev:1;) alert tcp $HOME_NET any -> [172.93.193.74] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.93.193.74/; sid:900609708; rev:1;) alert tcp $HOME_NET any -> [146.70.147.57] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.147.57/; sid:900609709; rev:1;) alert tcp $HOME_NET any -> [23.254.204.210] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.254.204.210/; sid:900609710; rev:1;) alert tcp $HOME_NET any -> [146.59.116.127] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.59.116.127/; sid:900609711; rev:1;) alert tcp $HOME_NET any -> [192.236.198.181] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.198.181/; sid:900609712; rev:1;) alert tcp $HOME_NET any -> [70.49.33.200] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.49.33.200/; sid:900609714; rev:1;) alert tcp $HOME_NET any -> [78.100.228.93] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.228.93/; sid:900609715; rev:1;) alert tcp $HOME_NET any -> [217.165.68.125] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.68.125/; sid:900609716; rev:1;) alert tcp $HOME_NET any -> [41.96.234.120] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.96.234.120/; sid:900609717; rev:1;) alert tcp $HOME_NET any -> [154.56.0.196] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.56.0.196/; sid:900609718; rev:1;) alert tcp $HOME_NET any -> [104.168.243.178] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.243.178/; sid:900609719; rev:1;) alert tcp $HOME_NET any -> [85.98.206.165] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.98.206.165/; sid:900609720; rev:1;) alert tcp $HOME_NET any -> [68.224.229.42] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.224.229.42/; sid:900609721; rev:1;) alert tcp $HOME_NET any -> [187.205.222.100] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.205.222.100/; sid:900609722; rev:1;) alert tcp $HOME_NET any -> [68.53.110.74] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.53.110.74/; sid:900609723; rev:1;) alert tcp $HOME_NET any -> [76.169.76.44] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.169.76.44/; sid:900609724; rev:1;) alert tcp $HOME_NET any -> [108.177.235.29] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.177.235.29/; sid:900609725; rev:1;) alert tcp $HOME_NET any -> [45.153.243.126] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.243.126/; sid:900609726; rev:1;) alert tcp $HOME_NET any -> [172.93.193.42] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.93.193.42/; sid:900609727; rev:1;) alert tcp $HOME_NET any -> [109.155.5.164] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.155.5.164/; sid:900609728; rev:1;) alert tcp $HOME_NET any -> [177.255.14.99] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.255.14.99/; sid:900609729; rev:1;) alert tcp $HOME_NET any -> [31.54.39.153] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.54.39.153/; sid:900609730; rev:1;) alert tcp $HOME_NET any -> [134.35.9.144] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.35.9.144/; sid:900609731; rev:1;) alert tcp $HOME_NET any -> [173.218.180.91] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.218.180.91/; sid:900609732; rev:1;) alert tcp $HOME_NET any -> [181.118.183.123] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.123/; sid:900609733; rev:1;) alert tcp $HOME_NET any -> [197.94.84.128] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.94.84.128/; sid:900609734; rev:1;) alert tcp $HOME_NET any -> [189.19.189.222] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.19.189.222/; sid:900609735; rev:1;) alert tcp $HOME_NET any -> [45.153.241.245] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.241.245/; sid:900609737; rev:1;) alert tcp $HOME_NET any -> [195.133.192.117] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.192.117/; sid:900609738; rev:1;) alert tcp $HOME_NET any -> [146.70.147.16] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.147.16/; sid:900609739; rev:1;) alert tcp $HOME_NET any -> [217.165.146.41] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.146.41/; sid:900609740; rev:1;) alert tcp $HOME_NET any -> [45.153.243.130] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.243.130/; sid:900609741; rev:1;) alert tcp $HOME_NET any -> [88.232.207.24] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.232.207.24/; sid:900609742; rev:1;) alert tcp $HOME_NET any -> [198.98.56.9] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.56.9/; sid:900609743; rev:1;) alert tcp $HOME_NET any -> [205.185.113.181] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.185.113.181/; sid:900609744; rev:1;) alert tcp $HOME_NET any -> [111.125.157.230] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.125.157.230/; sid:900609746; rev:1;) alert tcp $HOME_NET any -> [197.204.227.155] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.204.227.155/; sid:900609747; rev:1;) alert tcp $HOME_NET any -> [149.28.38.16] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.38.16/; sid:900609748; rev:1;) alert tcp $HOME_NET any -> [86.132.13.105] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.132.13.105/; sid:900609749; rev:1;) alert tcp $HOME_NET any -> [149.28.38.16] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.38.16/; sid:900609750; rev:1;) alert tcp $HOME_NET any -> [45.77.159.252] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.77.159.252/; sid:900609751; rev:1;) alert tcp $HOME_NET any -> [45.77.159.252] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.77.159.252/; sid:900609752; rev:1;) alert tcp $HOME_NET any -> [149.28.63.197] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.63.197/; sid:900609753; rev:1;) alert tcp $HOME_NET any -> [144.202.15.58] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.15.58/; sid:900609754; rev:1;) alert tcp $HOME_NET any -> [45.63.10.144] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.10.144/; sid:900609755; rev:1;) alert tcp $HOME_NET any -> [45.63.10.144] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.10.144/; sid:900609756; rev:1;) alert tcp $HOME_NET any -> [149.28.63.197] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.63.197/; sid:900609757; rev:1;) alert tcp $HOME_NET any -> [144.202.15.58] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.15.58/; sid:900609758; rev:1;) alert tcp $HOME_NET any -> [134.35.10.30] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.35.10.30/; sid:900609759; rev:1;) alert tcp $HOME_NET any -> [88.237.6.72] 53 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.237.6.72/; sid:900609760; rev:1;) alert tcp $HOME_NET any -> [115.247.12.66] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.247.12.66/; sid:900609761; rev:1;) alert tcp $HOME_NET any -> [39.121.226.109] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.121.226.109/; sid:900609762; rev:1;) alert tcp $HOME_NET any -> [86.176.180.223] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.176.180.223/; sid:900609763; rev:1;) alert tcp $HOME_NET any -> [85.143.218.249] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.218.249/; sid:900609764; rev:1;) alert tcp $HOME_NET any -> [188.157.6.170] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.157.6.170/; sid:900609765; rev:1;) alert tcp $HOME_NET any -> [193.3.19.137] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.3.19.137/; sid:900609766; rev:1;) alert tcp $HOME_NET any -> [85.245.143.94] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.245.143.94/; sid:900609767; rev:1;) alert tcp $HOME_NET any -> [85.94.178.73] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.94.178.73/; sid:900609768; rev:1;) alert tcp $HOME_NET any -> [189.189.89.32] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.189.89.32/; sid:900609769; rev:1;) alert tcp $HOME_NET any -> [193.254.32.156] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.254.32.156/; sid:900609770; rev:1;) alert tcp $HOME_NET any -> [41.104.77.244] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.104.77.244/; sid:900609771; rev:1;) alert tcp $HOME_NET any -> [85.86.242.245] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.86.242.245/; sid:900609772; rev:1;) alert tcp $HOME_NET any -> [179.111.23.186] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.111.23.186/; sid:900609773; rev:1;) alert tcp $HOME_NET any -> [197.160.22.10] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.160.22.10/; sid:900609774; rev:1;) alert tcp $HOME_NET any -> [41.69.236.243] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.69.236.243/; sid:900609775; rev:1;) alert tcp $HOME_NET any -> [41.249.123.100] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.249.123.100/; sid:900609776; rev:1;) alert tcp $HOME_NET any -> [134.35.12.64] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.35.12.64/; sid:900609777; rev:1;) alert tcp $HOME_NET any -> [41.97.65.83] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.97.65.83/; sid:900609778; rev:1;) alert tcp $HOME_NET any -> [41.105.89.30] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.105.89.30/; sid:900609779; rev:1;) alert tcp $HOME_NET any -> [160.177.207.113] 8443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.177.207.113/; sid:900609780; rev:1;) alert tcp $HOME_NET any -> [49.205.197.13] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.205.197.13/; sid:900609781; rev:1;) alert tcp $HOME_NET any -> [103.173.121.17] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.173.121.17/; sid:900609782; rev:1;) alert tcp $HOME_NET any -> [139.228.33.176] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.228.33.176/; sid:900609783; rev:1;) alert tcp $HOME_NET any -> [197.41.235.69] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.41.235.69/; sid:900609784; rev:1;) alert tcp $HOME_NET any -> [186.81.122.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.81.122.168/; sid:900609785; rev:1;) alert tcp $HOME_NET any -> [84.3.85.30] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.3.85.30/; sid:900609786; rev:1;) alert tcp $HOME_NET any -> [41.140.98.37] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.140.98.37/; sid:900609787; rev:1;) alert tcp $HOME_NET any -> [134.35.12.0] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.35.12.0/; sid:900609788; rev:1;) alert tcp $HOME_NET any -> [217.165.146.158] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.146.158/; sid:900609789; rev:1;) alert tcp $HOME_NET any -> [186.90.144.235] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.90.144.235/; sid:900609790; rev:1;) alert tcp $HOME_NET any -> [185.233.79.238] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.233.79.238/; sid:900609791; rev:1;) alert tcp $HOME_NET any -> [200.175.173.80] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.175.173.80/; sid:900609792; rev:1;) alert tcp $HOME_NET any -> [86.132.13.49] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.132.13.49/; sid:900609793; rev:1;) alert tcp $HOME_NET any -> [41.104.80.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.104.80.233/; sid:900609794; rev:1;) alert tcp $HOME_NET any -> [154.237.60.254] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.237.60.254/; sid:900609795; rev:1;) alert tcp $HOME_NET any -> [197.203.50.195] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.203.50.195/; sid:900609796; rev:1;) alert tcp $HOME_NET any -> [181.177.156.209] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.177.156.209/; sid:900609797; rev:1;) alert tcp $HOME_NET any -> [41.68.209.102] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.68.209.102/; sid:900609798; rev:1;) alert tcp $HOME_NET any -> [102.189.184.12] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.189.184.12/; sid:900609799; rev:1;) alert tcp $HOME_NET any -> [86.196.181.62] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.196.181.62/; sid:900609800; rev:1;) alert tcp $HOME_NET any -> [102.190.190.242] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.190.190.242/; sid:900609801; rev:1;) alert tcp $HOME_NET any -> [131.100.40.13] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.40.13/; sid:900609802; rev:1;) alert tcp $HOME_NET any -> [151.231.60.200] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.231.60.200/; sid:900609803; rev:1;) alert tcp $HOME_NET any -> [74.133.189.36] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.133.189.36/; sid:900609804; rev:1;) alert tcp $HOME_NET any -> [73.252.27.208] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.252.27.208/; sid:900609805; rev:1;) alert tcp $HOME_NET any -> [75.71.96.226] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.71.96.226/; sid:900609806; rev:1;) alert tcp $HOME_NET any -> [39.44.5.104] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.44.5.104/; sid:900609807; rev:1;) alert tcp $HOME_NET any -> [109.128.221.164] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.128.221.164/; sid:900609808; rev:1;) alert tcp $HOME_NET any -> [58.186.75.42] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.186.75.42/; sid:900609809; rev:1;) alert tcp $HOME_NET any -> [216.238.83.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.238.83.82/; sid:900609811; rev:1;) alert tcp $HOME_NET any -> [139.84.167.18] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.84.167.18/; sid:900609812; rev:1;) alert tcp $HOME_NET any -> [139.84.167.18] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.84.167.18/; sid:900609813; rev:1;) alert tcp $HOME_NET any -> [216.238.108.61] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.238.108.61/; sid:900609814; rev:1;) alert tcp $HOME_NET any -> [216.238.108.61] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.238.108.61/; sid:900609815; rev:1;) alert tcp $HOME_NET any -> [177.45.78.52] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.45.78.52/; sid:900609816; rev:1;) alert tcp $HOME_NET any -> [149.126.159.254] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.126.159.254/; sid:900609817; rev:1;) alert tcp $HOME_NET any -> [87.243.113.104] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.243.113.104/; sid:900609818; rev:1;) alert tcp $HOME_NET any -> [196.207.146.151] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.207.146.151/; sid:900609819; rev:1;) alert tcp $HOME_NET any -> [146.59.117.200] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.59.117.200/; sid:900609820; rev:1;) alert tcp $HOME_NET any -> [146.19.253.41] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.253.41/; sid:900609821; rev:1;) alert tcp $HOME_NET any -> [45.153.243.222] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.243.222/; sid:900609822; rev:1;) alert tcp $HOME_NET any -> [103.144.139.145] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.139.145/; sid:900609823; rev:1;) alert tcp $HOME_NET any -> [146.70.149.14] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.149.14/; sid:900609824; rev:1;) alert tcp $HOME_NET any -> [146.70.149.42] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.149.42/; sid:900609825; rev:1;) alert tcp $HOME_NET any -> [146.70.149.11] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.149.11/; sid:900609826; rev:1;) alert tcp $HOME_NET any -> [209.141.48.135] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.48.135/; sid:900609827; rev:1;) alert tcp $HOME_NET any -> [146.59.116.77] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.59.116.77/; sid:900609828; rev:1;) alert tcp $HOME_NET any -> [45.141.58.37] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.141.58.37/; sid:900609829; rev:1;) alert tcp $HOME_NET any -> [146.70.147.39] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.147.39/; sid:900609830; rev:1;) alert tcp $HOME_NET any -> [192.119.74.28] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.74.28/; sid:900609831; rev:1;) alert tcp $HOME_NET any -> [46.10.105.160] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.10.105.160/; sid:900609832; rev:1;) alert tcp $HOME_NET any -> [134.35.11.71] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.35.11.71/; sid:900609833; rev:1;) alert tcp $HOME_NET any -> [23.225.104.250] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.225.104.250/; sid:900609834; rev:1;) alert tcp $HOME_NET any -> [54.38.138.5] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.138.5/; sid:900609835; rev:1;) alert tcp $HOME_NET any -> [146.70.149.48] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.149.48/; sid:900609836; rev:1;) alert tcp $HOME_NET any -> [41.108.175.56] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.108.175.56/; sid:900609837; rev:1;) alert tcp $HOME_NET any -> [160.179.220.87] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.179.220.87/; sid:900609838; rev:1;) alert tcp $HOME_NET any -> [78.162.213.155] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.162.213.155/; sid:900609839; rev:1;) alert tcp $HOME_NET any -> [94.52.127.44] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.52.127.44/; sid:900609840; rev:1;) alert tcp $HOME_NET any -> [188.156.85.37] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.156.85.37/; sid:900609842; rev:1;) alert tcp $HOME_NET any -> [149.3.170.62] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.3.170.62/; sid:900609844; rev:1;) alert tcp $HOME_NET any -> [186.86.212.138] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.86.212.138/; sid:900609845; rev:1;) alert tcp $HOME_NET any -> [192.255.188.11] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.255.188.11/; sid:900609846; rev:1;) alert tcp $HOME_NET any -> [216.238.83.82] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.238.83.82/; sid:900609848; rev:1;) alert tcp $HOME_NET any -> [45.66.151.193] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.66.151.193/; sid:900609849; rev:1;) alert tcp $HOME_NET any -> [104.244.75.253] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.244.75.253/; sid:900609850; rev:1;) alert tcp $HOME_NET any -> [79.143.87.103] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.143.87.103/; sid:900609851; rev:1;) alert tcp $HOME_NET any -> [146.70.149.45] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.149.45/; sid:900609852; rev:1;) alert tcp $HOME_NET any -> [82.12.196.197] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.12.196.197/; sid:900609853; rev:1;) alert tcp $HOME_NET any -> [186.64.67.6] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.6/; sid:900609854; rev:1;) alert tcp $HOME_NET any -> [190.193.180.228] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.193.180.228/; sid:900609855; rev:1;) alert tcp $HOME_NET any -> [105.69.155.85] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.69.155.85/; sid:900609856; rev:1;) alert tcp $HOME_NET any -> [51.83.250.102] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.250.102/; sid:900609857; rev:1;) alert tcp $HOME_NET any -> [192.119.77.44] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.77.44/; sid:900609858; rev:1;) alert tcp $HOME_NET any -> [208.115.216.246] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.115.216.246/; sid:900609859; rev:1;) alert tcp $HOME_NET any -> [198.84.123.61] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.84.123.61/; sid:900609860; rev:1;) alert tcp $HOME_NET any -> [134.35.6.76] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.35.6.76/; sid:900609861; rev:1;) alert tcp $HOME_NET any -> [45.147.231.156] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.147.231.156/; sid:900609862; rev:1;) alert tcp $HOME_NET any -> [45.61.186.18] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.61.186.18/; sid:900609863; rev:1;) alert tcp $HOME_NET any -> [23.29.115.164] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.29.115.164/; sid:900609864; rev:1;) alert tcp $HOME_NET any -> [118.216.99.232] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.216.99.232/; sid:900609865; rev:1;) alert tcp $HOME_NET any -> [145.239.28.55] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.28.55/; sid:900609866; rev:1;) alert tcp $HOME_NET any -> [96.234.66.76] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.234.66.76/; sid:900609867; rev:1;) alert tcp $HOME_NET any -> [54.37.131.164] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.131.164/; sid:900609868; rev:1;) alert tcp $HOME_NET any -> [198.98.51.75] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.51.75/; sid:900609869; rev:1;) alert tcp $HOME_NET any -> [64.44.101.123] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.101.123/; sid:900609870; rev:1;) alert tcp $HOME_NET any -> [192.198.82.56] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.198.82.56/; sid:900609871; rev:1;) alert tcp $HOME_NET any -> [89.41.26.77] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.41.26.77/; sid:900609872; rev:1;) alert tcp $HOME_NET any -> [197.11.134.255] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.11.134.255/; sid:900609873; rev:1;) alert tcp $HOME_NET any -> [197.94.70.41] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.94.70.41/; sid:900609874; rev:1;) alert tcp $HOME_NET any -> [23.229.117.229] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.229.117.229/; sid:900609875; rev:1;) alert tcp $HOME_NET any -> [45.11.19.86] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.11.19.86/; sid:900609876; rev:1;) alert tcp $HOME_NET any -> [134.35.4.128] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.35.4.128/; sid:900609877; rev:1;) alert tcp $HOME_NET any -> [197.92.143.218] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.92.143.218/; sid:900609878; rev:1;) alert tcp $HOME_NET any -> [42.189.2.151] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.189.2.151/; sid:900609879; rev:1;) alert tcp $HOME_NET any -> [197.204.78.120] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.204.78.120/; sid:900609880; rev:1;) alert tcp $HOME_NET any -> [190.100.149.122] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.100.149.122/; sid:900609881; rev:1;) alert tcp $HOME_NET any -> [190.73.190.235] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.73.190.235/; sid:900609882; rev:1;) alert tcp $HOME_NET any -> [41.97.127.116] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.97.127.116/; sid:900609883; rev:1;) alert tcp $HOME_NET any -> [146.70.53.139] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.53.139/; sid:900609884; rev:1;) alert tcp $HOME_NET any -> [181.44.34.172] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.44.34.172/; sid:900609885; rev:1;) alert tcp $HOME_NET any -> [190.11.198.76] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.11.198.76/; sid:900609886; rev:1;) alert tcp $HOME_NET any -> [134.35.2.138] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.35.2.138/; sid:900609887; rev:1;) alert tcp $HOME_NET any -> [41.111.85.167] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.111.85.167/; sid:900609888; rev:1;) alert tcp $HOME_NET any -> [179.113.97.4] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.113.97.4/; sid:900609889; rev:1;) alert tcp $HOME_NET any -> [195.133.192.4] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.192.4/; sid:900609890; rev:1;) alert tcp $HOME_NET any -> [41.103.252.215] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.103.252.215/; sid:900609891; rev:1;) alert tcp $HOME_NET any -> [81.184.181.215] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.184.181.215/; sid:900609892; rev:1;) alert tcp $HOME_NET any -> [105.69.147.88] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.69.147.88/; sid:900609893; rev:1;) alert tcp $HOME_NET any -> [41.104.109.190] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.104.109.190/; sid:900609894; rev:1;) alert tcp $HOME_NET any -> [51.83.250.153] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.250.153/; sid:900609895; rev:1;) alert tcp $HOME_NET any -> [194.135.33.40] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.135.33.40/; sid:900609896; rev:1;) alert tcp $HOME_NET any -> [185.145.97.141] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.145.97.141/; sid:900609897; rev:1;) alert tcp $HOME_NET any -> [186.64.87.202] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.87.202/; sid:900609899; rev:1;) alert tcp $HOME_NET any -> [134.35.1.115] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.35.1.115/; sid:900609901; rev:1;) alert tcp $HOME_NET any -> [198.2.51.242] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.2.51.242/; sid:900609902; rev:1;) alert tcp $HOME_NET any -> [186.18.210.16] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.18.210.16/; sid:900609903; rev:1;) alert tcp $HOME_NET any -> [196.65.103.80] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.65.103.80/; sid:900609904; rev:1;) alert tcp $HOME_NET any -> [45.61.186.51] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.61.186.51/; sid:900609905; rev:1;) alert tcp $HOME_NET any -> [197.94.79.39] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.94.79.39/; sid:900609906; rev:1;) alert tcp $HOME_NET any -> [190.205.229.67] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.205.229.67/; sid:900609907; rev:1;) alert tcp $HOME_NET any -> [187.56.91.215] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.56.91.215/; sid:900609908; rev:1;) alert tcp $HOME_NET any -> [220.123.29.76] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.123.29.76/; sid:900609909; rev:1;) alert tcp $HOME_NET any -> [186.188.96.197] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.188.96.197/; sid:900609910; rev:1;) alert tcp $HOME_NET any -> [192.254.79.124] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.254.79.124/; sid:900609911; rev:1;) alert tcp $HOME_NET any -> [86.105.1.108] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.105.1.108/; sid:900609912; rev:1;) alert tcp $HOME_NET any -> [103.144.139.166] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.139.166/; sid:900609913; rev:1;) alert tcp $HOME_NET any -> [51.81.134.202] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.81.134.202/; sid:900609914; rev:1;) alert tcp $HOME_NET any -> [104.233.202.195] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.233.202.195/; sid:900609915; rev:1;) alert tcp $HOME_NET any -> [105.156.242.71] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.156.242.71/; sid:900609916; rev:1;) alert tcp $HOME_NET any -> [45.230.169.132] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.230.169.132/; sid:900609917; rev:1;) alert tcp $HOME_NET any -> [190.26.159.133] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.26.159.133/; sid:900609918; rev:1;) alert tcp $HOME_NET any -> [177.205.74.14] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.205.74.14/; sid:900609919; rev:1;) alert tcp $HOME_NET any -> [190.204.74.4] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.204.74.4/; sid:900609920; rev:1;) alert tcp $HOME_NET any -> [193.201.187.64] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.201.187.64/; sid:900609921; rev:1;) alert tcp $HOME_NET any -> [45.230.169.132] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.230.169.132/; sid:900609922; rev:1;) alert tcp $HOME_NET any -> [179.105.182.216] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.105.182.216/; sid:900609923; rev:1;) alert tcp $HOME_NET any -> [189.243.187.76] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.243.187.76/; sid:900609924; rev:1;) alert tcp $HOME_NET any -> [1.53.101.75] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.53.101.75/; sid:900609925; rev:1;) alert tcp $HOME_NET any -> [31.166.182.166] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.166.182.166/; sid:900609926; rev:1;) alert tcp $HOME_NET any -> [187.198.8.241] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.198.8.241/; sid:900609927; rev:1;) alert tcp $HOME_NET any -> [181.197.41.173] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.197.41.173/; sid:900609928; rev:1;) alert tcp $HOME_NET any -> [167.58.235.5] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.58.235.5/; sid:900609930; rev:1;) alert tcp $HOME_NET any -> [109.177.128.182] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.177.128.182/; sid:900609931; rev:1;) alert tcp $HOME_NET any -> [42.189.32.186] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.189.32.186/; sid:900609932; rev:1;) alert tcp $HOME_NET any -> [54.38.136.144] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.136.144/; sid:900609934; rev:1;) alert tcp $HOME_NET any -> [64.44.135.134] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.135.134/; sid:900609935; rev:1;) alert tcp $HOME_NET any -> [181.164.194.228] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.194.228/; sid:900609936; rev:1;) alert tcp $HOME_NET any -> [206.1.189.186] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.1.189.186/; sid:900609937; rev:1;) alert tcp $HOME_NET any -> [219.71.108.177] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.71.108.177/; sid:900609938; rev:1;) alert tcp $HOME_NET any -> [14.246.151.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.246.151.175/; sid:900609939; rev:1;) alert tcp $HOME_NET any -> [134.35.3.85] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.35.3.85/; sid:900609940; rev:1;) alert tcp $HOME_NET any -> [200.233.108.153] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.233.108.153/; sid:900609941; rev:1;) alert tcp $HOME_NET any -> [190.199.186.117] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.199.186.117/; sid:900609942; rev:1;) alert tcp $HOME_NET any -> [200.155.61.245] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.155.61.245/; sid:900609943; rev:1;) alert tcp $HOME_NET any -> [207.204.120.40] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.204.120.40/; sid:900609944; rev:1;) alert tcp $HOME_NET any -> [190.74.4.20] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.74.4.20/; sid:900609945; rev:1;) alert tcp $HOME_NET any -> [94.36.5.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.36.5.31/; sid:900609946; rev:1;) alert tcp $HOME_NET any -> [151.251.50.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.251.50.117/; sid:900609947; rev:1;) alert tcp $HOME_NET any -> [91.171.72.214] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.171.72.214/; sid:900609948; rev:1;) alert tcp $HOME_NET any -> [102.47.218.41] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.47.218.41/; sid:900609949; rev:1;) alert tcp $HOME_NET any -> [181.141.3.126] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.141.3.126/; sid:900609950; rev:1;) alert tcp $HOME_NET any -> [102.188.91.158] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.188.91.158/; sid:900609951; rev:1;) alert tcp $HOME_NET any -> [78.179.135.247] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.179.135.247/; sid:900609952; rev:1;) alert tcp $HOME_NET any -> [70.173.248.13] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.173.248.13/; sid:900609953; rev:1;) alert tcp $HOME_NET any -> [85.242.200.96] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.242.200.96/; sid:900609954; rev:1;) alert tcp $HOME_NET any -> [64.44.135.197] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.135.197/; sid:900609955; rev:1;) alert tcp $HOME_NET any -> [102.159.77.134] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.159.77.134/; sid:900609956; rev:1;) alert tcp $HOME_NET any -> [206.1.172.1] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.1.172.1/; sid:900609958; rev:1;) alert tcp $HOME_NET any -> [154.247.82.36] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.247.82.36/; sid:900609959; rev:1;) alert tcp $HOME_NET any -> [197.158.87.248] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.158.87.248/; sid:900609960; rev:1;) alert tcp $HOME_NET any -> [177.152.65.142] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.152.65.142/; sid:900609961; rev:1;) alert tcp $HOME_NET any -> [186.177.93.18] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.177.93.18/; sid:900609962; rev:1;) alert tcp $HOME_NET any -> [45.61.185.227] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.61.185.227/; sid:900609963; rev:1;) alert tcp $HOME_NET any -> [206.1.208.223] 2087 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.1.208.223/; sid:900609964; rev:1;) alert tcp $HOME_NET any -> [5.163.177.234] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.163.177.234/; sid:900609965; rev:1;) alert tcp $HOME_NET any -> [41.101.100.7] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.101.100.7/; sid:900609966; rev:1;) alert tcp $HOME_NET any -> [181.168.145.94] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.168.145.94/; sid:900609967; rev:1;) alert tcp $HOME_NET any -> [163.182.177.80] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.182.177.80/; sid:900609968; rev:1;) alert tcp $HOME_NET any -> [167.58.254.85] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.58.254.85/; sid:900609969; rev:1;) alert tcp $HOME_NET any -> [200.93.11.28] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.93.11.28/; sid:900609970; rev:1;) alert tcp $HOME_NET any -> [187.198.16.39] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.198.16.39/; sid:900609971; rev:1;) alert tcp $HOME_NET any -> [181.56.171.3] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.56.171.3/; sid:900609972; rev:1;) alert tcp $HOME_NET any -> [146.19.173.148] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.148/; sid:900609973; rev:1;) alert tcp $HOME_NET any -> [198.98.59.245] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.59.245/; sid:900609974; rev:1;) alert tcp $HOME_NET any -> [146.19.173.26] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.26/; sid:900609975; rev:1;) alert tcp $HOME_NET any -> [45.153.242.242] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.242.242/; sid:900609976; rev:1;) alert tcp $HOME_NET any -> [152.170.17.136] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.170.17.136/; sid:900609977; rev:1;) alert tcp $HOME_NET any -> [216.131.22.236] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.131.22.236/; sid:900609978; rev:1;) alert tcp $HOME_NET any -> [160.179.32.101] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.179.32.101/; sid:900609979; rev:1;) alert tcp $HOME_NET any -> [156.217.185.90] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.217.185.90/; sid:900609980; rev:1;) alert tcp $HOME_NET any -> [201.68.209.47] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.68.209.47/; sid:900609981; rev:1;) alert tcp $HOME_NET any -> [217.78.49.161] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.78.49.161/; sid:900609982; rev:1;) alert tcp $HOME_NET any -> [201.210.121.49] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.210.121.49/; sid:900609983; rev:1;) alert tcp $HOME_NET any -> [187.143.131.190] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.143.131.190/; sid:900609984; rev:1;) alert tcp $HOME_NET any -> [200.155.61.245] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.155.61.245/; sid:900609985; rev:1;) alert tcp $HOME_NET any -> [186.213.214.13] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.213.214.13/; sid:900609986; rev:1;) alert tcp $HOME_NET any -> [105.158.71.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.158.71.149/; sid:900609987; rev:1;) alert tcp $HOME_NET any -> [102.156.82.38] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.82.38/; sid:900609988; rev:1;) alert tcp $HOME_NET any -> [201.171.199.216] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.171.199.216/; sid:900609989; rev:1;) alert tcp $HOME_NET any -> [206.1.233.162] 2087 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.1.233.162/; sid:900609990; rev:1;) alert tcp $HOME_NET any -> [175.205.2.54] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.205.2.54/; sid:900609991; rev:1;) alert tcp $HOME_NET any -> [190.33.241.216] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.33.241.216/; sid:900609992; rev:1;) alert tcp $HOME_NET any -> [136.232.184.134] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.232.184.134/; sid:900609993; rev:1;) alert tcp $HOME_NET any -> [42.116.54.220] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.116.54.220/; sid:900609994; rev:1;) alert tcp $HOME_NET any -> [14.54.83.15] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.54.83.15/; sid:900609995; rev:1;) alert tcp $HOME_NET any -> [220.134.54.185] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.134.54.185/; sid:900609996; rev:1;) alert tcp $HOME_NET any -> [190.204.101.210] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.204.101.210/; sid:900609997; rev:1;) alert tcp $HOME_NET any -> [190.33.87.140] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.33.87.140/; sid:900609998; rev:1;) alert tcp $HOME_NET any -> [23.106.160.112] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.106.160.112/; sid:900609999; rev:1;) alert tcp $HOME_NET any -> [146.59.116.146] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.59.116.146/; sid:900610000; rev:1;) alert tcp $HOME_NET any -> [172.93.193.220] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.93.193.220/; sid:900610001; rev:1;) alert tcp $HOME_NET any -> [200.233.108.153] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.233.108.153/; sid:900610002; rev:1;) alert tcp $HOME_NET any -> [45.147.230.245] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.147.230.245/; sid:900610003; rev:1;) alert tcp $HOME_NET any -> [189.110.3.60] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.110.3.60/; sid:900610004; rev:1;) alert tcp $HOME_NET any -> [190.29.228.61] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.29.228.61/; sid:900610005; rev:1;) alert tcp $HOME_NET any -> [202.5.53.143] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.5.53.143/; sid:900610006; rev:1;) alert tcp $HOME_NET any -> [104.168.202.54] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.202.54/; sid:900610007; rev:1;) alert tcp $HOME_NET any -> [186.18.77.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.18.77.99/; sid:900610008; rev:1;) alert tcp $HOME_NET any -> [93.156.96.171] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.156.96.171/; sid:900610009; rev:1;) alert tcp $HOME_NET any -> [172.117.139.142] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.117.139.142/; sid:900610010; rev:1;) alert tcp $HOME_NET any -> [208.78.220.120] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.78.220.120/; sid:900610011; rev:1;) alert tcp $HOME_NET any -> [190.201.145.155] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.201.145.155/; sid:900610012; rev:1;) alert tcp $HOME_NET any -> [90.165.109.4] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.165.109.4/; sid:900610013; rev:1;) alert tcp $HOME_NET any -> [222.117.141.133] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.117.141.133/; sid:900610014; rev:1;) alert tcp $HOME_NET any -> [197.204.107.51] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.204.107.51/; sid:900610015; rev:1;) alert tcp $HOME_NET any -> [189.129.38.158] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.129.38.158/; sid:900610016; rev:1;) alert tcp $HOME_NET any -> [190.74.248.136] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.74.248.136/; sid:900610017; rev:1;) alert tcp $HOME_NET any -> [102.157.250.192] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.157.250.192/; sid:900610018; rev:1;) alert tcp $HOME_NET any -> [160.176.137.80] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.176.137.80/; sid:900610019; rev:1;) alert tcp $HOME_NET any -> [72.217.105.238] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.217.105.238/; sid:900610020; rev:1;) alert tcp $HOME_NET any -> [98.207.190.55] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.207.190.55/; sid:900610021; rev:1;) alert tcp $HOME_NET any -> [41.98.239.92] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.98.239.92/; sid:900610022; rev:1;) alert tcp $HOME_NET any -> [104.219.233.30] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.219.233.30/; sid:900610023; rev:1;) alert tcp $HOME_NET any -> [105.111.81.57] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.111.81.57/; sid:900610024; rev:1;) alert tcp $HOME_NET any -> [105.158.78.156] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.158.78.156/; sid:900610025; rev:1;) alert tcp $HOME_NET any -> [2.88.206.121] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.88.206.121/; sid:900610026; rev:1;) alert tcp $HOME_NET any -> [27.110.134.202] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.110.134.202/; sid:900610027; rev:1;) alert tcp $HOME_NET any -> [190.207.137.189] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.207.137.189/; sid:900610028; rev:1;) alert tcp $HOME_NET any -> [58.247.115.126] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.247.115.126/; sid:900610029; rev:1;) alert tcp $HOME_NET any -> [156.197.230.148] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.197.230.148/; sid:900610030; rev:1;) alert tcp $HOME_NET any -> [71.199.168.185] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.199.168.185/; sid:900610031; rev:1;) alert tcp $HOME_NET any -> [24.206.27.39] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.206.27.39/; sid:900610032; rev:1;) alert tcp $HOME_NET any -> [24.116.45.121] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.116.45.121/; sid:900610033; rev:1;) alert tcp $HOME_NET any -> [70.115.104.126] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.115.104.126/; sid:900610034; rev:1;) alert tcp $HOME_NET any -> [24.9.220.167] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.9.220.167/; sid:900610035; rev:1;) alert tcp $HOME_NET any -> [190.24.45.24] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.24.45.24/; sid:900610036; rev:1;) alert tcp $HOME_NET any -> [68.62.199.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.62.199.70/; sid:900610037; rev:1;) alert tcp $HOME_NET any -> [43.241.159.238] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.241.159.238/; sid:900610038; rev:1;) alert tcp $HOME_NET any -> [197.202.196.43] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.202.196.43/; sid:900610039; rev:1;) alert tcp $HOME_NET any -> [88.240.75.201] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.240.75.201/; sid:900610040; rev:1;) alert tcp $HOME_NET any -> [191.33.187.192] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.33.187.192/; sid:900610041; rev:1;) alert tcp $HOME_NET any -> [24.207.97.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.207.97.117/; sid:900610042; rev:1;) alert tcp $HOME_NET any -> [186.154.189.162] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.154.189.162/; sid:900610043; rev:1;) alert tcp $HOME_NET any -> [64.123.103.123] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.123.103.123/; sid:900610044; rev:1;) alert tcp $HOME_NET any -> [151.213.183.141] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.213.183.141/; sid:900610045; rev:1;) alert tcp $HOME_NET any -> [75.84.234.68] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.84.234.68/; sid:900610046; rev:1;) alert tcp $HOME_NET any -> [107.189.14.8] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.189.14.8/; sid:900610047; rev:1;) alert tcp $HOME_NET any -> [197.2.193.4] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.2.193.4/; sid:900610048; rev:1;) alert tcp $HOME_NET any -> [47.14.229.4] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.14.229.4/; sid:900610049; rev:1;) alert tcp $HOME_NET any -> [41.47.249.185] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.47.249.185/; sid:900610050; rev:1;) alert tcp $HOME_NET any -> [190.37.174.11] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.37.174.11/; sid:900610051; rev:1;) alert tcp $HOME_NET any -> [173.49.74.62] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.49.74.62/; sid:900610052; rev:1;) alert tcp $HOME_NET any -> [186.188.80.134] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.188.80.134/; sid:900610053; rev:1;) alert tcp $HOME_NET any -> [174.29.45.113] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.29.45.113/; sid:900610054; rev:1;) alert tcp $HOME_NET any -> [64.207.237.118] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.207.237.118/; sid:900610055; rev:1;) alert tcp $HOME_NET any -> [156.216.134.70] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.216.134.70/; sid:900610056; rev:1;) alert tcp $HOME_NET any -> [190.199.97.108] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.199.97.108/; sid:900610057; rev:1;) alert tcp $HOME_NET any -> [70.60.142.214] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.60.142.214/; sid:900610058; rev:1;) alert tcp $HOME_NET any -> [69.46.15.158] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.46.15.158/; sid:900610059; rev:1;) alert tcp $HOME_NET any -> [105.106.60.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.106.60.149/; sid:900610060; rev:1;) alert tcp $HOME_NET any -> [201.223.169.238] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.223.169.238/; sid:900610061; rev:1;) alert tcp $HOME_NET any -> [102.159.110.79] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.159.110.79/; sid:900610062; rev:1;) alert tcp $HOME_NET any -> [149.126.159.224] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.126.159.224/; sid:900610063; rev:1;) alert tcp $HOME_NET any -> [188.49.56.189] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.49.56.189/; sid:900610064; rev:1;) alert tcp $HOME_NET any -> [109.136.174.200] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.136.174.200/; sid:900610065; rev:1;) alert tcp $HOME_NET any -> [45.35.97.45] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.35.97.45/; sid:900610066; rev:1;) alert tcp $HOME_NET any -> [45.48.36.226] 2087 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.48.36.226/; sid:900610067; rev:1;) alert tcp $HOME_NET any -> [41.200.117.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.200.117.82/; sid:900610068; rev:1;) alert tcp $HOME_NET any -> [181.118.183.124] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.124/; sid:900610069; rev:1;) alert tcp $HOME_NET any -> [97.118.223.249] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.118.223.249/; sid:900610070; rev:1;) alert tcp $HOME_NET any -> [190.18.236.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.18.236.175/; sid:900610071; rev:1;) alert tcp $HOME_NET any -> [70.51.139.148] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.139.148/; sid:900610072; rev:1;) alert tcp $HOME_NET any -> [27.109.19.90] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.109.19.90/; sid:900610073; rev:1;) alert tcp $HOME_NET any -> [24.177.111.153] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.177.111.153/; sid:900610074; rev:1;) alert tcp $HOME_NET any -> [156.220.47.67] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.220.47.67/; sid:900610075; rev:1;) alert tcp $HOME_NET any -> [135.125.241.35] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/135.125.241.35/; sid:900610076; rev:1;) alert tcp $HOME_NET any -> [172.86.120.141] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.86.120.141/; sid:900610077; rev:1;) alert tcp $HOME_NET any -> [23.106.160.141] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.106.160.141/; sid:900610078; rev:1;) alert tcp $HOME_NET any -> [102.156.146.34] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.146.34/; sid:900610079; rev:1;) alert tcp $HOME_NET any -> [70.187.0.87] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.187.0.87/; sid:900610080; rev:1;) alert tcp $HOME_NET any -> [103.233.103.85] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.233.103.85/; sid:900610081; rev:1;) alert tcp $HOME_NET any -> [91.206.178.81] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.206.178.81/; sid:900610082; rev:1;) alert tcp $HOME_NET any -> [45.184.179.188] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.184.179.188/; sid:900610083; rev:1;) alert tcp $HOME_NET any -> [112.141.184.246] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.141.184.246/; sid:900610084; rev:1;) alert tcp $HOME_NET any -> [62.46.231.64] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.46.231.64/; sid:900610085; rev:1;) alert tcp $HOME_NET any -> [109.133.67.116] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.133.67.116/; sid:900610086; rev:1;) alert tcp $HOME_NET any -> [104.244.77.61] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.244.77.61/; sid:900610087; rev:1;) alert tcp $HOME_NET any -> [146.19.173.71] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.71/; sid:900610088; rev:1;) alert tcp $HOME_NET any -> [174.77.209.5] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.77.209.5/; sid:900610090; rev:1;) alert tcp $HOME_NET any -> [205.161.22.189] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.161.22.189/; sid:900610091; rev:1;) alert tcp $HOME_NET any -> [84.35.26.14] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.35.26.14/; sid:900610092; rev:1;) alert tcp $HOME_NET any -> [74.92.243.113] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.92.243.113/; sid:900610093; rev:1;) alert tcp $HOME_NET any -> [74.92.243.113] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.92.243.113/; sid:900610094; rev:1;) alert tcp $HOME_NET any -> [216.82.134.218] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.82.134.218/; sid:900610095; rev:1;) alert tcp $HOME_NET any -> [92.185.204.18] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.185.204.18/; sid:900610096; rev:1;) alert tcp $HOME_NET any -> [186.64.67.44] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.44/; sid:900610097; rev:1;) alert tcp $HOME_NET any -> [179.100.109.130] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.100.109.130/; sid:900610098; rev:1;) alert tcp $HOME_NET any -> [177.17.210.208] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.17.210.208/; sid:900610099; rev:1;) alert tcp $HOME_NET any -> [41.99.158.37] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.99.158.37/; sid:900610100; rev:1;) alert tcp $HOME_NET any -> [186.155.62.161] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.155.62.161/; sid:900610101; rev:1;) alert tcp $HOME_NET any -> [197.1.227.26] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.1.227.26/; sid:900610102; rev:1;) alert tcp $HOME_NET any -> [24.69.87.61] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.69.87.61/; sid:900610103; rev:1;) alert tcp $HOME_NET any -> [190.207.196.66] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.207.196.66/; sid:900610104; rev:1;) alert tcp $HOME_NET any -> [217.102.172.187] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.102.172.187/; sid:900610105; rev:1;) alert tcp $HOME_NET any -> [146.19.253.53] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.253.53/; sid:900610106; rev:1;) alert tcp $HOME_NET any -> [85.241.180.94] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.241.180.94/; sid:900610107; rev:1;) alert tcp $HOME_NET any -> [87.57.13.215] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.57.13.215/; sid:900610108; rev:1;) alert tcp $HOME_NET any -> [181.55.106.237] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.55.106.237/; sid:900610109; rev:1;) alert tcp $HOME_NET any -> [186.73.140.43] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.73.140.43/; sid:900610110; rev:1;) alert tcp $HOME_NET any -> [146.59.116.196] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.59.116.196/; sid:900610111; rev:1;) alert tcp $HOME_NET any -> [198.98.56.242] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.56.242/; sid:900610112; rev:1;) alert tcp $HOME_NET any -> [50.68.204.71] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.68.204.71/; sid:900610113; rev:1;) alert tcp $HOME_NET any -> [76.68.34.167] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.68.34.167/; sid:900610114; rev:1;) alert tcp $HOME_NET any -> [123.3.240.16] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.3.240.16/; sid:900610115; rev:1;) alert tcp $HOME_NET any -> [65.20.175.208] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.20.175.208/; sid:900610116; rev:1;) alert tcp $HOME_NET any -> [78.161.38.242] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.161.38.242/; sid:900610117; rev:1;) alert tcp $HOME_NET any -> [154.247.31.51] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.247.31.51/; sid:900610118; rev:1;) alert tcp $HOME_NET any -> [154.247.31.51] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.247.31.51/; sid:900610119; rev:1;) alert tcp $HOME_NET any -> [154.247.31.51] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.247.31.51/; sid:900610120; rev:1;) alert tcp $HOME_NET any -> [50.68.204.71] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.68.204.71/; sid:900610121; rev:1;) alert tcp $HOME_NET any -> [68.146.18.15] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.146.18.15/; sid:900610122; rev:1;) alert tcp $HOME_NET any -> [78.202.9.97] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.202.9.97/; sid:900610123; rev:1;) alert tcp $HOME_NET any -> [50.68.204.71] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.68.204.71/; sid:900610124; rev:1;) alert tcp $HOME_NET any -> [74.33.84.227] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.33.84.227/; sid:900610125; rev:1;) alert tcp $HOME_NET any -> [199.68.108.190] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.68.108.190/; sid:900610126; rev:1;) alert tcp $HOME_NET any -> [102.158.228.70] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.158.228.70/; sid:900610127; rev:1;) alert tcp $HOME_NET any -> [24.253.221.86] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.253.221.86/; sid:900610128; rev:1;) alert tcp $HOME_NET any -> [76.125.91.160] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.125.91.160/; sid:900610129; rev:1;) alert tcp $HOME_NET any -> [174.0.224.214] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.0.224.214/; sid:900610130; rev:1;) alert tcp $HOME_NET any -> [190.203.11.218] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.203.11.218/; sid:900610131; rev:1;) alert tcp $HOME_NET any -> [146.70.125.80] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.125.80/; sid:900610132; rev:1;) alert tcp $HOME_NET any -> [156.220.4.75] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.220.4.75/; sid:900610133; rev:1;) alert tcp $HOME_NET any -> [172.219.147.156] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.219.147.156/; sid:900610134; rev:1;) alert tcp $HOME_NET any -> [45.49.137.80] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.49.137.80/; sid:900610135; rev:1;) alert tcp $HOME_NET any -> [88.171.156.150] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.171.156.150/; sid:900610136; rev:1;) alert tcp $HOME_NET any -> [94.49.5.116] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.49.5.116/; sid:900610137; rev:1;) alert tcp $HOME_NET any -> [73.88.173.113] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.88.173.113/; sid:900610138; rev:1;) alert tcp $HOME_NET any -> [142.161.120.116] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.161.120.116/; sid:900610139; rev:1;) alert tcp $HOME_NET any -> [49.175.72.56] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.175.72.56/; sid:900610140; rev:1;) alert tcp $HOME_NET any -> [78.162.245.96] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.162.245.96/; sid:900610141; rev:1;) alert tcp $HOME_NET any -> [70.64.77.115] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.64.77.115/; sid:900610142; rev:1;) alert tcp $HOME_NET any -> [212.114.52.124] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.114.52.124/; sid:900610143; rev:1;) alert tcp $HOME_NET any -> [23.108.57.5] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.108.57.5/; sid:900610144; rev:1;) alert tcp $HOME_NET any -> [66.131.25.6] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.131.25.6/; sid:900610145; rev:1;) alert tcp $HOME_NET any -> [182.66.197.35] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.66.197.35/; sid:900610146; rev:1;) alert tcp $HOME_NET any -> [182.162.143.56] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.162.143.56/; sid:900610147; rev:1;) alert tcp $HOME_NET any -> [169.60.181.70] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.60.181.70/; sid:900610148; rev:1;) alert tcp $HOME_NET any -> [149.28.143.92] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.143.92/; sid:900610149; rev:1;) alert tcp $HOME_NET any -> [186.250.48.5] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.250.48.5/; sid:900610150; rev:1;) alert tcp $HOME_NET any -> [91.187.140.35] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.187.140.35/; sid:900610151; rev:1;) alert tcp $HOME_NET any -> [167.172.199.165] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.172.199.165/; sid:900610152; rev:1;) alert tcp $HOME_NET any -> [187.63.160.88] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.63.160.88/; sid:900610153; rev:1;) alert tcp $HOME_NET any -> [97.119.133.150] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.119.133.150/; sid:900610154; rev:1;) alert tcp $HOME_NET any -> [94.60.141.48] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.60.141.48/; sid:900610155; rev:1;) alert tcp $HOME_NET any -> [73.165.119.20] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.165.119.20/; sid:900610156; rev:1;) alert tcp $HOME_NET any -> [201.245.250.192] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.245.250.192/; sid:900610157; rev:1;) alert tcp $HOME_NET any -> [174.4.112.228] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.4.112.228/; sid:900610158; rev:1;) alert tcp $HOME_NET any -> [157.231.42.190] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.231.42.190/; sid:900610159; rev:1;) alert tcp $HOME_NET any -> [174.104.184.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.104.184.149/; sid:900610160; rev:1;) alert tcp $HOME_NET any -> [109.151.171.116] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.151.171.116/; sid:900610161; rev:1;) alert tcp $HOME_NET any -> [50.37.149.215] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.37.149.215/; sid:900610162; rev:1;) alert tcp $HOME_NET any -> [190.207.121.156] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.207.121.156/; sid:900610163; rev:1;) alert tcp $HOME_NET any -> [67.87.214.7] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.87.214.7/; sid:900610164; rev:1;) alert tcp $HOME_NET any -> [142.118.239.135] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.118.239.135/; sid:900610165; rev:1;) alert tcp $HOME_NET any -> [62.35.100.38] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.35.100.38/; sid:900610166; rev:1;) alert tcp $HOME_NET any -> [58.162.223.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.162.223.233/; sid:900610167; rev:1;) alert tcp $HOME_NET any -> [187.199.171.252] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.199.171.252/; sid:900610168; rev:1;) alert tcp $HOME_NET any -> [204.210.210.7] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.210.210.7/; sid:900610169; rev:1;) alert tcp $HOME_NET any -> [91.138.17.202] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.138.17.202/; sid:900610170; rev:1;) alert tcp $HOME_NET any -> [157.231.42.190] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.231.42.190/; sid:900610171; rev:1;) alert tcp $HOME_NET any -> [74.59.46.149] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.59.46.149/; sid:900610172; rev:1;) alert tcp $HOME_NET any -> [41.44.11.227] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.44.11.227/; sid:900610173; rev:1;) alert tcp $HOME_NET any -> [64.127.146.153] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.127.146.153/; sid:900610174; rev:1;) alert tcp $HOME_NET any -> [78.165.146.61] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.165.146.61/; sid:900610175; rev:1;) alert tcp $HOME_NET any -> [146.70.135.135] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.135.135/; sid:900610176; rev:1;) alert tcp $HOME_NET any -> [99.253.103.210] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.253.103.210/; sid:900610177; rev:1;) alert tcp $HOME_NET any -> [50.86.217.209] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.86.217.209/; sid:900610178; rev:1;) alert tcp $HOME_NET any -> [27.254.65.114] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.254.65.114/; sid:900610179; rev:1;) alert tcp $HOME_NET any -> [217.39.57.121] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.39.57.121/; sid:900610180; rev:1;) alert tcp $HOME_NET any -> [159.65.3.147] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.3.147/; sid:900610181; rev:1;) alert tcp $HOME_NET any -> [108.44.207.232] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.44.207.232/; sid:900610182; rev:1;) alert tcp $HOME_NET any -> [103.42.56.15] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.42.56.15/; sid:900610183; rev:1;) alert tcp $HOME_NET any -> [176.223.165.119] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.223.165.119/; sid:900610184; rev:1;) alert tcp $HOME_NET any -> [51.75.63.234] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.63.234/; sid:900610185; rev:1;) alert tcp $HOME_NET any -> [193.109.120.156] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.109.120.156/; sid:900610186; rev:1;) alert tcp $HOME_NET any -> [104.168.171.189] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.171.189/; sid:900610187; rev:1;) alert tcp $HOME_NET any -> [192.111.146.184] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.111.146.184/; sid:900610188; rev:1;) alert tcp $HOME_NET any -> [104.219.233.113] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.219.233.113/; sid:900610189; rev:1;) alert tcp $HOME_NET any -> [86.173.19.76] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.173.19.76/; sid:900610190; rev:1;) alert tcp $HOME_NET any -> [173.32.181.236] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.32.181.236/; sid:900610191; rev:1;) alert tcp $HOME_NET any -> [68.103.242.126] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.103.242.126/; sid:900610192; rev:1;) alert tcp $HOME_NET any -> [92.239.81.124] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.239.81.124/; sid:900610193; rev:1;) alert tcp $HOME_NET any -> [110.4.255.247] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.4.255.247/; sid:900610194; rev:1;) alert tcp $HOME_NET any -> [178.192.56.13] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.192.56.13/; sid:900610195; rev:1;) alert tcp $HOME_NET any -> [97.119.214.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.119.214.233/; sid:900610196; rev:1;) alert tcp $HOME_NET any -> [47.6.225.229] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.6.225.229/; sid:900610197; rev:1;) alert tcp $HOME_NET any -> [181.118.183.103] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.103/; sid:900610198; rev:1;) alert tcp $HOME_NET any -> [212.251.122.147] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.251.122.147/; sid:900610199; rev:1;) alert tcp $HOME_NET any -> [92.90.101.167] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.90.101.167/; sid:900610200; rev:1;) alert tcp $HOME_NET any -> [87.218.114.203] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.218.114.203/; sid:900610201; rev:1;) alert tcp $HOME_NET any -> [154.247.15.173] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.247.15.173/; sid:900610202; rev:1;) alert tcp $HOME_NET any -> [87.220.68.51] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.220.68.51/; sid:900610203; rev:1;) alert tcp $HOME_NET any -> [88.122.208.197] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.122.208.197/; sid:900610204; rev:1;) alert tcp $HOME_NET any -> [75.156.125.215] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.156.125.215/; sid:900610205; rev:1;) alert tcp $HOME_NET any -> [75.99.125.238] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.99.125.238/; sid:900610206; rev:1;) alert tcp $HOME_NET any -> [84.113.121.103] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.113.121.103/; sid:900610207; rev:1;) alert tcp $HOME_NET any -> [66.180.227.170] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.180.227.170/; sid:900610208; rev:1;) alert tcp $HOME_NET any -> [46.229.194.17] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.229.194.17/; sid:900610209; rev:1;) alert tcp $HOME_NET any -> [172.249.99.143] 2087 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.249.99.143/; sid:900610210; rev:1;) alert tcp $HOME_NET any -> [47.34.30.133] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.34.30.133/; sid:900610211; rev:1;) alert tcp $HOME_NET any -> [105.154.112.77] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.154.112.77/; sid:900610212; rev:1;) alert tcp $HOME_NET any -> [91.68.227.219] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.68.227.219/; sid:900610213; rev:1;) alert tcp $HOME_NET any -> [92.24.200.226] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.24.200.226/; sid:900610214; rev:1;) alert tcp $HOME_NET any -> [62.31.130.138] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.31.130.138/; sid:900610215; rev:1;) alert tcp $HOME_NET any -> [89.216.114.179] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.216.114.179/; sid:900610216; rev:1;) alert tcp $HOME_NET any -> [89.115.196.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.115.196.99/; sid:900610217; rev:1;) alert tcp $HOME_NET any -> [154.247.15.173] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.247.15.173/; sid:900610218; rev:1;) alert tcp $HOME_NET any -> [73.36.196.11] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.36.196.11/; sid:900610219; rev:1;) alert tcp $HOME_NET any -> [154.247.15.173] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.247.15.173/; sid:900610220; rev:1;) alert tcp $HOME_NET any -> [201.192.179.221] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.192.179.221/; sid:900610221; rev:1;) alert tcp $HOME_NET any -> [75.98.154.19] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.98.154.19/; sid:900610222; rev:1;) alert tcp $HOME_NET any -> [91.169.12.198] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.169.12.198/; sid:900610223; rev:1;) alert tcp $HOME_NET any -> [86.225.214.138] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.225.214.138/; sid:900610224; rev:1;) alert tcp $HOME_NET any -> [154.247.15.173] 990 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.247.15.173/; sid:900610225; rev:1;) alert tcp $HOME_NET any -> [154.247.15.173] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.247.15.173/; sid:900610226; rev:1;) alert tcp $HOME_NET any -> [94.15.58.251] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.15.58.251/; sid:900610227; rev:1;) alert tcp $HOME_NET any -> [87.223.89.23] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.223.89.23/; sid:900610228; rev:1;) alert tcp $HOME_NET any -> [91.165.188.74] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.165.188.74/; sid:900610229; rev:1;) alert tcp $HOME_NET any -> [108.62.118.114] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.62.118.114/; sid:900610230; rev:1;) alert tcp $HOME_NET any -> [190.199.109.80] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.199.109.80/; sid:900610231; rev:1;) alert tcp $HOME_NET any -> [80.0.74.165] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.0.74.165/; sid:900610232; rev:1;) alert tcp $HOME_NET any -> [84.209.52.11] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.209.52.11/; sid:900610233; rev:1;) alert tcp $HOME_NET any -> [151.30.53.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.30.53.233/; sid:900610234; rev:1;) alert tcp $HOME_NET any -> [27.33.237.105] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.33.237.105/; sid:900610235; rev:1;) alert tcp $HOME_NET any -> [24.4.239.157] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.4.239.157/; sid:900610236; rev:1;) alert tcp $HOME_NET any -> [142.115.159.36] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.115.159.36/; sid:900610237; rev:1;) alert tcp $HOME_NET any -> [86.185.119.90] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.185.119.90/; sid:900610238; rev:1;) alert tcp $HOME_NET any -> [24.232.88.41] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.232.88.41/; sid:900610239; rev:1;) alert tcp $HOME_NET any -> [174.58.146.57] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.58.146.57/; sid:900610240; rev:1;) alert tcp $HOME_NET any -> [70.181.149.227] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.181.149.227/; sid:900610241; rev:1;) alert tcp $HOME_NET any -> [110.23.76.9] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.23.76.9/; sid:900610242; rev:1;) alert tcp $HOME_NET any -> [75.141.227.169] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.141.227.169/; sid:900610243; rev:1;) alert tcp $HOME_NET any -> [136.244.25.165] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.244.25.165/; sid:900610244; rev:1;) alert tcp $HOME_NET any -> [139.5.239.14] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.5.239.14/; sid:900610245; rev:1;) alert tcp $HOME_NET any -> [83.11.89.137] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.11.89.137/; sid:900610246; rev:1;) alert tcp $HOME_NET any -> [82.141.152.214] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.141.152.214/; sid:900610247; rev:1;) alert tcp $HOME_NET any -> [146.70.147.7] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.147.7/; sid:900610248; rev:1;) alert tcp $HOME_NET any -> [146.70.161.59] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.161.59/; sid:900610249; rev:1;) alert tcp $HOME_NET any -> [192.236.194.104] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.194.104/; sid:900610250; rev:1;) alert tcp $HOME_NET any -> [64.44.102.224] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.102.224/; sid:900610251; rev:1;) alert tcp $HOME_NET any -> [87.99.116.47] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.99.116.47/; sid:900610252; rev:1;) alert tcp $HOME_NET any -> [86.129.13.178] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.129.13.178/; sid:900610253; rev:1;) alert tcp $HOME_NET any -> [73.223.248.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.223.248.31/; sid:900610254; rev:1;) alert tcp $HOME_NET any -> [92.25.139.40] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.25.139.40/; sid:900610255; rev:1;) alert tcp $HOME_NET any -> [190.199.161.250] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.199.161.250/; sid:900610256; rev:1;) alert tcp $HOME_NET any -> [70.66.199.12] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.66.199.12/; sid:900610257; rev:1;) alert tcp $HOME_NET any -> [139.216.164.122] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.216.164.122/; sid:900610258; rev:1;) alert tcp $HOME_NET any -> [24.142.218.202] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.142.218.202/; sid:900610259; rev:1;) alert tcp $HOME_NET any -> [174.101.111.4] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.101.111.4/; sid:900610260; rev:1;) alert tcp $HOME_NET any -> [72.53.103.56] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.53.103.56/; sid:900610261; rev:1;) alert tcp $HOME_NET any -> [73.29.92.128] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.29.92.128/; sid:900610262; rev:1;) alert tcp $HOME_NET any -> [105.184.161.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.161.175/; sid:900610263; rev:1;) alert tcp $HOME_NET any -> [184.153.132.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.153.132.82/; sid:900610264; rev:1;) alert tcp $HOME_NET any -> [67.10.175.47] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.10.175.47/; sid:900610265; rev:1;) alert tcp $HOME_NET any -> [90.104.22.28] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.104.22.28/; sid:900610266; rev:1;) alert tcp $HOME_NET any -> [184.162.156.115] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.162.156.115/; sid:900610267; rev:1;) alert tcp $HOME_NET any -> [24.64.114.59] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.64.114.59/; sid:900610268; rev:1;) alert tcp $HOME_NET any -> [24.64.114.59] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.64.114.59/; sid:900610269; rev:1;) alert tcp $HOME_NET any -> [190.36.189.154] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.36.189.154/; sid:900610270; rev:1;) alert tcp $HOME_NET any -> [85.61.165.153] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.61.165.153/; sid:900610271; rev:1;) alert tcp $HOME_NET any -> [206.1.199.69] 2087 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.1.199.69/; sid:900610272; rev:1;) alert tcp $HOME_NET any -> [94.63.65.146] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.63.65.146/; sid:900610273; rev:1;) alert tcp $HOME_NET any -> [203.217.65.6] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.217.65.6/; sid:900610274; rev:1;) alert tcp $HOME_NET any -> [72.80.249.39] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.80.249.39/; sid:900610275; rev:1;) alert tcp $HOME_NET any -> [190.27.77.14] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.27.77.14/; sid:900610276; rev:1;) alert tcp $HOME_NET any -> [41.230.166.34] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.230.166.34/; sid:900610277; rev:1;) alert tcp $HOME_NET any -> [190.79.133.56] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.79.133.56/; sid:900610278; rev:1;) alert tcp $HOME_NET any -> [92.239.222.177] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.239.222.177/; sid:900610279; rev:1;) alert tcp $HOME_NET any -> [190.204.83.110] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.204.83.110/; sid:900610280; rev:1;) alert tcp $HOME_NET any -> [76.185.166.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.185.166.168/; sid:900610281; rev:1;) alert tcp $HOME_NET any -> [86.157.12.148] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.157.12.148/; sid:900610282; rev:1;) alert tcp $HOME_NET any -> [172.93.193.149] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.93.193.149/; sid:900610283; rev:1;) alert tcp $HOME_NET any -> [45.62.78.1] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.62.78.1/; sid:900610285; rev:1;) alert tcp $HOME_NET any -> [98.145.23.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.145.23.67/; sid:900610286; rev:1;) alert tcp $HOME_NET any -> [173.209.185.159] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.209.185.159/; sid:900610287; rev:1;) alert tcp $HOME_NET any -> [173.238.202.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.238.202.233/; sid:900610288; rev:1;) alert tcp $HOME_NET any -> [151.237.76.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.237.76.117/; sid:900610289; rev:1;) alert tcp $HOME_NET any -> [85.59.61.52] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.59.61.52/; sid:900610291; rev:1;) alert tcp $HOME_NET any -> [146.70.139.252] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.139.252/; sid:900610292; rev:1;) alert tcp $HOME_NET any -> [54.37.131.10] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.131.10/; sid:900610293; rev:1;) alert tcp $HOME_NET any -> [192.119.120.146] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.120.146/; sid:900610294; rev:1;) alert tcp $HOME_NET any -> [45.61.187.160] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.61.187.160/; sid:900610295; rev:1;) alert tcp $HOME_NET any -> [91.245.254.101] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.245.254.101/; sid:900610296; rev:1;) alert tcp $HOME_NET any -> [66.168.180.66] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.168.180.66/; sid:900610297; rev:1;) alert tcp $HOME_NET any -> [187.37.47.42] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.37.47.42/; sid:900610298; rev:1;) alert tcp $HOME_NET any -> [107.189.30.231] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.189.30.231/; sid:900610299; rev:1;) alert tcp $HOME_NET any -> [167.71.4.0] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.71.4.0/; sid:900610300; rev:1;) alert tcp $HOME_NET any -> [194.135.33.127] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.135.33.127/; sid:900610301; rev:1;) alert tcp $HOME_NET any -> [103.144.139.156] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.139.156/; sid:900610302; rev:1;) alert tcp $HOME_NET any -> [172.86.121.123] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.86.121.123/; sid:900610303; rev:1;) alert tcp $HOME_NET any -> [85.239.52.15] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.239.52.15/; sid:900610304; rev:1;) alert tcp $HOME_NET any -> [85.239.54.192] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.239.54.192/; sid:900610305; rev:1;) alert tcp $HOME_NET any -> [85.239.52.113] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.239.52.113/; sid:900610306; rev:1;) alert tcp $HOME_NET any -> [46.190.93.247] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.190.93.247/; sid:900610307; rev:1;) alert tcp $HOME_NET any -> [104.219.233.129] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.219.233.129/; sid:900610308; rev:1;) alert tcp $HOME_NET any -> [146.19.253.28] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.253.28/; sid:900610309; rev:1;) alert tcp $HOME_NET any -> [176.223.165.108] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.223.165.108/; sid:900610310; rev:1;) alert tcp $HOME_NET any -> [146.70.149.38] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.149.38/; sid:900610311; rev:1;) alert tcp $HOME_NET any -> [152.171.41.171] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.171.41.171/; sid:900610312; rev:1;) alert tcp $HOME_NET any -> [104.219.233.130] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.219.233.130/; sid:900610313; rev:1;) alert tcp $HOME_NET any -> [192.236.194.101] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.194.101/; sid:900610314; rev:1;) alert tcp $HOME_NET any -> [104.219.233.127] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.219.233.127/; sid:900610315; rev:1;) alert tcp $HOME_NET any -> [146.70.161.82] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.161.82/; sid:900610316; rev:1;) alert tcp $HOME_NET any -> [176.223.165.125] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.223.165.125/; sid:900610317; rev:1;) alert tcp $HOME_NET any -> [45.66.248.216] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.66.248.216/; sid:900610318; rev:1;) alert tcp $HOME_NET any -> [51.83.225.143] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.225.143/; sid:900610319; rev:1;) alert tcp $HOME_NET any -> [146.70.100.80] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.100.80/; sid:900610320; rev:1;) alert tcp $HOME_NET any -> [64.44.101.25] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.101.25/; sid:900610321; rev:1;) alert tcp $HOME_NET any -> [104.219.233.125] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.219.233.125/; sid:900610322; rev:1;) alert tcp $HOME_NET any -> [73.60.227.230] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.60.227.230/; sid:900610324; rev:1;) alert tcp $HOME_NET any -> [115.178.55.22] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.178.55.22/; sid:900610325; rev:1;) alert tcp $HOME_NET any -> [172.105.115.71] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.115.71/; sid:900610326; rev:1;) alert tcp $HOME_NET any -> [173.255.211.88] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.255.211.88/; sid:900610327; rev:1;) alert tcp $HOME_NET any -> [45.63.99.23] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.99.23/; sid:900610328; rev:1;) alert tcp $HOME_NET any -> [104.219.233.38] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.219.233.38/; sid:900610329; rev:1;) alert tcp $HOME_NET any -> [146.59.116.242] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.59.116.242/; sid:900610330; rev:1;) alert tcp $HOME_NET any -> [192.119.87.45] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.87.45/; sid:900610331; rev:1;) alert tcp $HOME_NET any -> [192.119.120.22] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.120.22/; sid:900610332; rev:1;) alert tcp $HOME_NET any -> [192.236.208.19] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.208.19/; sid:900610333; rev:1;) alert tcp $HOME_NET any -> [138.207.238.47] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.207.238.47/; sid:900610334; rev:1;) alert tcp $HOME_NET any -> [45.61.187.40] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.61.187.40/; sid:900610335; rev:1;) alert tcp $HOME_NET any -> [54.37.130.24] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.130.24/; sid:900610336; rev:1;) alert tcp $HOME_NET any -> [64.44.102.239] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.102.239/; sid:900610337; rev:1;) alert tcp $HOME_NET any -> [92.27.86.48] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.27.86.48/; sid:900610338; rev:1;) alert tcp $HOME_NET any -> [170.253.25.35] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.253.25.35/; sid:900610339; rev:1;) alert tcp $HOME_NET any -> [105.103.27.80] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.103.27.80/; sid:900610340; rev:1;) alert tcp $HOME_NET any -> [24.64.114.59] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.64.114.59/; sid:900610341; rev:1;) alert tcp $HOME_NET any -> [92.207.132.174] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.207.132.174/; sid:900610342; rev:1;) alert tcp $HOME_NET any -> [86.129.13.128] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.129.13.128/; sid:900610343; rev:1;) alert tcp $HOME_NET any -> [108.6.249.139] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.6.249.139/; sid:900610344; rev:1;) alert tcp $HOME_NET any -> [74.66.134.24] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.66.134.24/; sid:900610345; rev:1;) alert tcp $HOME_NET any -> [82.121.237.106] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.121.237.106/; sid:900610346; rev:1;) alert tcp $HOME_NET any -> [105.184.161.242] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.161.242/; sid:900610347; rev:1;) alert tcp $HOME_NET any -> [105.103.27.80] 990 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.103.27.80/; sid:900610348; rev:1;) alert tcp $HOME_NET any -> [105.103.27.80] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.103.27.80/; sid:900610349; rev:1;) alert tcp $HOME_NET any -> [87.220.205.14] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.220.205.14/; sid:900610350; rev:1;) alert tcp $HOME_NET any -> [2.84.98.228] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.84.98.228/; sid:900610351; rev:1;) alert tcp $HOME_NET any -> [213.91.235.146] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.91.235.146/; sid:900610352; rev:1;) alert tcp $HOME_NET any -> [79.37.204.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.37.204.67/; sid:900610353; rev:1;) alert tcp $HOME_NET any -> [90.221.5.105] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.221.5.105/; sid:900610354; rev:1;) alert tcp $HOME_NET any -> [213.67.255.57] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.67.255.57/; sid:900610355; rev:1;) alert tcp $HOME_NET any -> [92.137.74.174] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.137.74.174/; sid:900610356; rev:1;) alert tcp $HOME_NET any -> [24.49.232.96] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.49.232.96/; sid:900610357; rev:1;) alert tcp $HOME_NET any -> [24.49.232.96] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.49.232.96/; sid:900610358; rev:1;) alert tcp $HOME_NET any -> [109.11.175.42] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.11.175.42/; sid:900610359; rev:1;) alert tcp $HOME_NET any -> [92.106.70.62] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.106.70.62/; sid:900610360; rev:1;) alert tcp $HOME_NET any -> [76.127.192.23] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.127.192.23/; sid:900610361; rev:1;) alert tcp $HOME_NET any -> [24.28.121.122] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.28.121.122/; sid:900610362; rev:1;) alert tcp $HOME_NET any -> [77.126.81.208] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.126.81.208/; sid:900610363; rev:1;) alert tcp $HOME_NET any -> [105.103.27.80] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.103.27.80/; sid:900610364; rev:1;) alert tcp $HOME_NET any -> [81.159.252.167] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.159.252.167/; sid:900610365; rev:1;) alert tcp $HOME_NET any -> [75.143.236.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.143.236.149/; sid:900610366; rev:1;) alert tcp $HOME_NET any -> [176.142.207.63] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.142.207.63/; sid:900610367; rev:1;) alert tcp $HOME_NET any -> [170.249.59.153] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.249.59.153/; sid:900610368; rev:1;) alert tcp $HOME_NET any -> [151.32.168.124] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.32.168.124/; sid:900610369; rev:1;) alert tcp $HOME_NET any -> [173.239.94.212] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.239.94.212/; sid:900610370; rev:1;) alert tcp $HOME_NET any -> [85.74.158.150] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.74.158.150/; sid:900610371; rev:1;) alert tcp $HOME_NET any -> [87.65.160.87] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.65.160.87/; sid:900610372; rev:1;) alert tcp $HOME_NET any -> [69.133.162.35] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.133.162.35/; sid:900610373; rev:1;) alert tcp $HOME_NET any -> [81.229.117.95] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.229.117.95/; sid:900610374; rev:1;) alert tcp $HOME_NET any -> [68.47.128.161] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.47.128.161/; sid:900610375; rev:1;) alert tcp $HOME_NET any -> [24.64.114.59] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.64.114.59/; sid:900610376; rev:1;) alert tcp $HOME_NET any -> [88.126.94.4] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.126.94.4/; sid:900610377; rev:1;) alert tcp $HOME_NET any -> [82.127.174.33] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.127.174.33/; sid:900610378; rev:1;) alert tcp $HOME_NET any -> [47.41.154.250] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.41.154.250/; sid:900610379; rev:1;) alert tcp $HOME_NET any -> [72.82.136.90] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.82.136.90/; sid:900610380; rev:1;) alert tcp $HOME_NET any -> [174.45.15.123] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.45.15.123/; sid:900610381; rev:1;) alert tcp $HOME_NET any -> [91.180.68.95] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.180.68.95/; sid:900610382; rev:1;) alert tcp $HOME_NET any -> [83.11.84.105] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.11.84.105/; sid:900610383; rev:1;) alert tcp $HOME_NET any -> [109.152.70.207] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.152.70.207/; sid:900610384; rev:1;) alert tcp $HOME_NET any -> [37.14.229.220] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.14.229.220/; sid:900610385; rev:1;) alert tcp $HOME_NET any -> [93.164.248.234] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.164.248.234/; sid:900610386; rev:1;) alert tcp $HOME_NET any -> [64.44.135.140] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.135.140/; sid:900610387; rev:1;) alert tcp $HOME_NET any -> [146.70.149.43] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.149.43/; sid:900610388; rev:1;) alert tcp $HOME_NET any -> [103.144.139.150] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.139.150/; sid:900610389; rev:1;) alert tcp $HOME_NET any -> [78.69.251.252] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.69.251.252/; sid:900610390; rev:1;) alert tcp $HOME_NET any -> [24.228.132.224] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.228.132.224/; sid:900610391; rev:1;) alert tcp $HOME_NET any -> [107.189.13.247] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.189.13.247/; sid:900610392; rev:1;) alert tcp $HOME_NET any -> [86.171.75.63] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.171.75.63/; sid:900610393; rev:1;) alert tcp $HOME_NET any -> [197.1.200.71] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.1.200.71/; sid:900610394; rev:1;) alert tcp $HOME_NET any -> [199.83.165.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.83.165.233/; sid:900610395; rev:1;) alert tcp $HOME_NET any -> [80.103.77.44] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.103.77.44/; sid:900610396; rev:1;) alert tcp $HOME_NET any -> [82.34.170.37] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.34.170.37/; sid:900610397; rev:1;) alert tcp $HOME_NET any -> [80.13.179.151] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.13.179.151/; sid:900610398; rev:1;) alert tcp $HOME_NET any -> [95.214.107.21] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.214.107.21/; sid:900610399; rev:1;) alert tcp $HOME_NET any -> [86.45.66.141] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.45.66.141/; sid:900610400; rev:1;) alert tcp $HOME_NET any -> [92.149.205.238] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.149.205.238/; sid:900610401; rev:1;) alert tcp $HOME_NET any -> [86.133.237.3] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.133.237.3/; sid:900610402; rev:1;) alert tcp $HOME_NET any -> [70.120.228.205] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.120.228.205/; sid:900610403; rev:1;) alert tcp $HOME_NET any -> [142.161.27.232] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.161.27.232/; sid:900610404; rev:1;) alert tcp $HOME_NET any -> [41.109.78.231] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.109.78.231/; sid:900610406; rev:1;) alert tcp $HOME_NET any -> [92.189.214.236] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.189.214.236/; sid:900610407; rev:1;) alert tcp $HOME_NET any -> [180.151.104.143] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.151.104.143/; sid:900610408; rev:1;) alert tcp $HOME_NET any -> [46.177.99.230] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.177.99.230/; sid:900610409; rev:1;) alert tcp $HOME_NET any -> [100.16.107.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.16.107.117/; sid:900610410; rev:1;) alert tcp $HOME_NET any -> [89.129.109.27] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.129.109.27/; sid:900610411; rev:1;) alert tcp $HOME_NET any -> [93.24.192.142] 20 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.24.192.142/; sid:900610412; rev:1;) alert tcp $HOME_NET any -> [2.98.146.106] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.98.146.106/; sid:900610413; rev:1;) alert tcp $HOME_NET any -> [62.35.67.88] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.35.67.88/; sid:900610414; rev:1;) alert tcp $HOME_NET any -> [87.202.101.164] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.202.101.164/; sid:900610415; rev:1;) alert tcp $HOME_NET any -> [178.169.196.115] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.169.196.115/; sid:900610416; rev:1;) alert tcp $HOME_NET any -> [27.99.45.237] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.99.45.237/; sid:900610417; rev:1;) alert tcp $HOME_NET any -> [81.111.108.123] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.111.108.123/; sid:900610418; rev:1;) alert tcp $HOME_NET any -> [61.92.123.169] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.92.123.169/; sid:900610419; rev:1;) alert tcp $HOME_NET any -> [76.80.180.154] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.80.180.154/; sid:900610420; rev:1;) alert tcp $HOME_NET any -> [82.31.37.241] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.31.37.241/; sid:900610421; rev:1;) alert tcp $HOME_NET any -> [172.90.139.138] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.90.139.138/; sid:900610422; rev:1;) alert tcp $HOME_NET any -> [76.80.180.154] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.80.180.154/; sid:900610423; rev:1;) alert tcp $HOME_NET any -> [92.109.39.207] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.109.39.207/; sid:900610424; rev:1;) alert tcp $HOME_NET any -> [87.223.80.45] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.223.80.45/; sid:900610425; rev:1;) alert tcp $HOME_NET any -> [209.171.163.72] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.171.163.72/; sid:900610426; rev:1;) alert tcp $HOME_NET any -> [190.78.64.132] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.78.64.132/; sid:900610427; rev:1;) alert tcp $HOME_NET any -> [186.64.67.39] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.39/; sid:900610428; rev:1;) alert tcp $HOME_NET any -> [142.119.40.220] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.119.40.220/; sid:900610429; rev:1;) alert tcp $HOME_NET any -> [99.229.146.120] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.229.146.120/; sid:900610430; rev:1;) alert tcp $HOME_NET any -> [86.158.3.195] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.158.3.195/; sid:900610431; rev:1;) alert tcp $HOME_NET any -> [70.121.198.103] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.121.198.103/; sid:900610432; rev:1;) alert tcp $HOME_NET any -> [88.152.182.39] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.152.182.39/; sid:900610433; rev:1;) alert tcp $HOME_NET any -> [2.83.62.105] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.83.62.105/; sid:900610434; rev:1;) alert tcp $HOME_NET any -> [90.78.85.59] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.78.85.59/; sid:900610435; rev:1;) alert tcp $HOME_NET any -> [90.89.95.158] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.89.95.158/; sid:900610436; rev:1;) alert tcp $HOME_NET any -> [82.41.186.124] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.41.186.124/; sid:900610437; rev:1;) alert tcp $HOME_NET any -> [172.86.122.167] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.86.122.167/; sid:900610438; rev:1;) alert tcp $HOME_NET any -> [89.240.102.164] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.240.102.164/; sid:900610439; rev:1;) alert tcp $HOME_NET any -> [78.92.133.215] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.92.133.215/; sid:900610440; rev:1;) alert tcp $HOME_NET any -> [2.88.219.187] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.88.219.187/; sid:900610441; rev:1;) alert tcp $HOME_NET any -> [200.93.14.206] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.93.14.206/; sid:900610442; rev:1;) alert tcp $HOME_NET any -> [79.92.15.6] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.92.15.6/; sid:900610443; rev:1;) alert tcp $HOME_NET any -> [131.106.168.223] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.106.168.223/; sid:900610444; rev:1;) alert tcp $HOME_NET any -> [73.230.28.7] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.230.28.7/; sid:900610445; rev:1;) alert tcp $HOME_NET any -> [82.154.201.177] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.154.201.177/; sid:900610446; rev:1;) alert tcp $HOME_NET any -> [156.217.219.147] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.217.219.147/; sid:900610447; rev:1;) alert tcp $HOME_NET any -> [82.155.111.187] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.155.111.187/; sid:900610448; rev:1;) alert tcp $HOME_NET any -> [81.129.134.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.129.134.53/; sid:900610449; rev:1;) alert tcp $HOME_NET any -> [98.30.233.14] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.30.233.14/; sid:900610450; rev:1;) alert tcp $HOME_NET any -> [94.70.37.145] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.70.37.145/; sid:900610451; rev:1;) alert tcp $HOME_NET any -> [70.50.3.214] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.50.3.214/; sid:900610452; rev:1;) alert tcp $HOME_NET any -> [193.92.233.183] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.92.233.183/; sid:900610453; rev:1;) alert tcp $HOME_NET any -> [80.189.213.49] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.189.213.49/; sid:900610454; rev:1;) alert tcp $HOME_NET any -> [103.144.139.158] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.139.158/; sid:900610455; rev:1;) alert tcp $HOME_NET any -> [23.108.57.200] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.108.57.200/; sid:900610456; rev:1;) alert tcp $HOME_NET any -> [23.106.160.137] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.106.160.137/; sid:900610457; rev:1;) alert tcp $HOME_NET any -> [71.31.101.183] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.31.101.183/; sid:900610458; rev:1;) alert tcp $HOME_NET any -> [73.22.121.210] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.22.121.210/; sid:900610459; rev:1;) alert tcp $HOME_NET any -> [186.28.85.119] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.28.85.119/; sid:900610460; rev:1;) alert tcp $HOME_NET any -> [98.211.64.94] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.211.64.94/; sid:900610461; rev:1;) alert tcp $HOME_NET any -> [90.162.45.154] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.162.45.154/; sid:900610462; rev:1;) alert tcp $HOME_NET any -> [70.51.153.72] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.153.72/; sid:900610463; rev:1;) alert tcp $HOME_NET any -> [76.20.42.45] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.20.42.45/; sid:900610464; rev:1;) alert tcp $HOME_NET any -> [75.191.246.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.191.246.70/; sid:900610465; rev:1;) alert tcp $HOME_NET any -> [90.4.98.190] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.4.98.190/; sid:900610466; rev:1;) alert tcp $HOME_NET any -> [86.195.32.149] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.195.32.149/; sid:900610467; rev:1;) alert tcp $HOME_NET any -> [188.92.64.68] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.92.64.68/; sid:900610468; rev:1;) alert tcp $HOME_NET any -> [109.145.27.139] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.145.27.139/; sid:900610469; rev:1;) alert tcp $HOME_NET any -> [176.151.15.101] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.151.15.101/; sid:900610470; rev:1;) alert tcp $HOME_NET any -> [66.191.69.18] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.191.69.18/; sid:900610471; rev:1;) alert tcp $HOME_NET any -> [177.205.92.100] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.205.92.100/; sid:900610472; rev:1;) alert tcp $HOME_NET any -> [82.9.210.36] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.9.210.36/; sid:900610473; rev:1;) alert tcp $HOME_NET any -> [80.121.8.212] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.121.8.212/; sid:900610474; rev:1;) alert tcp $HOME_NET any -> [187.199.224.16] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.199.224.16/; sid:900610475; rev:1;) alert tcp $HOME_NET any -> [82.121.73.56] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.121.73.56/; sid:900610476; rev:1;) alert tcp $HOME_NET any -> [190.75.110.239] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.75.110.239/; sid:900610477; rev:1;) alert tcp $HOME_NET any -> [65.190.156.10] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.190.156.10/; sid:900610478; rev:1;) alert tcp $HOME_NET any -> [173.18.126.3] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.18.126.3/; sid:900610479; rev:1;) alert tcp $HOME_NET any -> [181.118.183.116] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.116/; sid:900610480; rev:1;) alert tcp $HOME_NET any -> [105.103.50.1] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.103.50.1/; sid:900610481; rev:1;) alert tcp $HOME_NET any -> [121.122.99.151] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.122.99.151/; sid:900610482; rev:1;) alert tcp $HOME_NET any -> [86.176.144.225] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.176.144.225/; sid:900610483; rev:1;) alert tcp $HOME_NET any -> [177.46.111.176] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.46.111.176/; sid:900610484; rev:1;) alert tcp $HOME_NET any -> [76.9.168.249] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.9.168.249/; sid:900610485; rev:1;) alert tcp $HOME_NET any -> [83.7.53.150] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.7.53.150/; sid:900610486; rev:1;) alert tcp $HOME_NET any -> [64.121.161.102] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.121.161.102/; sid:900610487; rev:1;) alert tcp $HOME_NET any -> [47.16.73.77] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.16.73.77/; sid:900610488; rev:1;) alert tcp $HOME_NET any -> [71.67.96.151] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.67.96.151/; sid:900610489; rev:1;) alert tcp $HOME_NET any -> [183.82.100.110] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.100.110/; sid:900610490; rev:1;) alert tcp $HOME_NET any -> [91.254.215.167] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.254.215.167/; sid:900610491; rev:1;) alert tcp $HOME_NET any -> [197.148.17.17] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.148.17.17/; sid:900610492; rev:1;) alert tcp $HOME_NET any -> [105.103.50.1] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.103.50.1/; sid:900610493; rev:1;) alert tcp $HOME_NET any -> [78.253.154.211] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.253.154.211/; sid:900610494; rev:1;) alert tcp $HOME_NET any -> [86.165.15.180] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.165.15.180/; sid:900610495; rev:1;) alert tcp $HOME_NET any -> [2.99.47.198] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.99.47.198/; sid:900610496; rev:1;) alert tcp $HOME_NET any -> [89.152.120.181] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.152.120.181/; sid:900610497; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900610498; rev:1;) alert tcp $HOME_NET any -> [23.240.47.58] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.240.47.58/; sid:900610499; rev:1;) alert tcp $HOME_NET any -> [83.114.60.6] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.114.60.6/; sid:900610500; rev:1;) alert tcp $HOME_NET any -> [86.130.9.167] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.167/; sid:900610501; rev:1;) alert tcp $HOME_NET any -> [71.183.236.133] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.183.236.133/; sid:900610502; rev:1;) alert tcp $HOME_NET any -> [71.247.10.63] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.247.10.63/; sid:900610503; rev:1;) alert tcp $HOME_NET any -> [71.247.10.63] 50003 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.247.10.63/; sid:900610504; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 21 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900610505; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900610506; rev:1;) alert tcp $HOME_NET any -> [184.176.154.83] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.176.154.83/; sid:900610507; rev:1;) alert tcp $HOME_NET any -> [85.139.176.42] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.139.176.42/; sid:900610508; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 2087 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900610509; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900610510; rev:1;) alert tcp $HOME_NET any -> [217.128.91.196] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.128.91.196/; sid:900610511; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900610512; rev:1;) alert tcp $HOME_NET any -> [69.119.123.159] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.119.123.159/; sid:900610513; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900610514; rev:1;) alert tcp $HOME_NET any -> [47.176.30.75] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.176.30.75/; sid:900610515; rev:1;) alert tcp $HOME_NET any -> [78.247.21.20] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.247.21.20/; sid:900610516; rev:1;) alert tcp $HOME_NET any -> [86.99.15.243] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.99.15.243/; sid:900610517; rev:1;) alert tcp $HOME_NET any -> [98.147.155.235] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.147.155.235/; sid:900610518; rev:1;) alert tcp $HOME_NET any -> [23.106.160.52] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.106.160.52/; sid:900610519; rev:1;) alert tcp $HOME_NET any -> [188.54.79.88] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.54.79.88/; sid:900610520; rev:1;) alert tcp $HOME_NET any -> [50.90.249.161] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.90.249.161/; sid:900610521; rev:1;) alert tcp $HOME_NET any -> [70.115.104.126] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.115.104.126/; sid:900610522; rev:1;) alert tcp $HOME_NET any -> [76.184.95.190] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.184.95.190/; sid:900610523; rev:1;) alert tcp $HOME_NET any -> [81.250.33.243] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.250.33.243/; sid:900610524; rev:1;) alert tcp $HOME_NET any -> [99.238.106.45] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.238.106.45/; sid:900610525; rev:1;) alert tcp $HOME_NET any -> [72.140.137.221] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.140.137.221/; sid:900610526; rev:1;) alert tcp $HOME_NET any -> [136.35.241.159] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.35.241.159/; sid:900610527; rev:1;) alert tcp $HOME_NET any -> [102.156.113.77] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.113.77/; sid:900610528; rev:1;) alert tcp $HOME_NET any -> [98.187.21.2] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.187.21.2/; sid:900610529; rev:1;) alert tcp $HOME_NET any -> [82.36.36.76] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.36.36.76/; sid:900610530; rev:1;) alert tcp $HOME_NET any -> [41.228.223.122] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.228.223.122/; sid:900610531; rev:1;) alert tcp $HOME_NET any -> [154.247.94.160] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.247.94.160/; sid:900610532; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 50001 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900610533; rev:1;) alert tcp $HOME_NET any -> [47.185.141.97] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.185.141.97/; sid:900610534; rev:1;) alert tcp $HOME_NET any -> [184.20.10.236] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.20.10.236/; sid:900610535; rev:1;) alert tcp $HOME_NET any -> [41.97.183.39] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.97.183.39/; sid:900610536; rev:1;) alert tcp $HOME_NET any -> [86.175.128.143] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.175.128.143/; sid:900610537; rev:1;) alert tcp $HOME_NET any -> [193.200.16.175] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.200.16.175/; sid:900610538; rev:1;) alert tcp $HOME_NET any -> [45.248.169.101] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.248.169.101/; sid:900610539; rev:1;) alert tcp $HOME_NET any -> [103.141.50.117] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.141.50.117/; sid:900610540; rev:1;) alert tcp $HOME_NET any -> [83.110.223.247] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.223.247/; sid:900610541; rev:1;) alert tcp $HOME_NET any -> [183.87.31.34] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.87.31.34/; sid:900610542; rev:1;) alert tcp $HOME_NET any -> [103.55.67.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.55.67.180/; sid:900610543; rev:1;) alert tcp $HOME_NET any -> [86.217.250.15] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.217.250.15/; sid:900610544; rev:1;) alert tcp $HOME_NET any -> [41.35.196.18] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.35.196.18/; sid:900610545; rev:1;) alert tcp $HOME_NET any -> [87.243.146.59] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.243.146.59/; sid:900610546; rev:1;) alert tcp $HOME_NET any -> [186.188.2.193] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.188.2.193/; sid:900610547; rev:1;) alert tcp $HOME_NET any -> [100.6.8.7] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.6.8.7/; sid:900610548; rev:1;) alert tcp $HOME_NET any -> [81.156.198.115] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.156.198.115/; sid:900610549; rev:1;) alert tcp $HOME_NET any -> [54.37.130.195] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.130.195/; sid:900610550; rev:1;) alert tcp $HOME_NET any -> [89.79.229.50] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.79.229.50/; sid:900610551; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 990 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900610552; rev:1;) alert tcp $HOME_NET any -> [73.161.176.218] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.161.176.218/; sid:900610553; rev:1;) alert tcp $HOME_NET any -> [93.156.103.241] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.156.103.241/; sid:900610554; rev:1;) alert tcp $HOME_NET any -> [31.167.227.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.167.227.31/; sid:900610555; rev:1;) alert tcp $HOME_NET any -> [102.159.188.241] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.159.188.241/; sid:900610556; rev:1;) alert tcp $HOME_NET any -> [63.248.148.87] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.248.148.87/; sid:900610557; rev:1;) alert tcp $HOME_NET any -> [174.112.25.29] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.112.25.29/; sid:900610558; rev:1;) alert tcp $HOME_NET any -> [71.46.234.170] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.46.234.170/; sid:900610559; rev:1;) alert tcp $HOME_NET any -> [174.112.25.29] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.112.25.29/; sid:900610560; rev:1;) alert tcp $HOME_NET any -> [47.229.96.60] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.229.96.60/; sid:900610561; rev:1;) alert tcp $HOME_NET any -> [71.247.10.63] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.247.10.63/; sid:900610562; rev:1;) alert tcp $HOME_NET any -> [184.155.91.69] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.155.91.69/; sid:900610563; rev:1;) alert tcp $HOME_NET any -> [158.62.157.184] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.62.157.184/; sid:900610564; rev:1;) alert tcp $HOME_NET any -> [190.11.198.68] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.11.198.68/; sid:900610565; rev:1;) alert tcp $HOME_NET any -> [73.155.10.79] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.155.10.79/; sid:900610566; rev:1;) alert tcp $HOME_NET any -> [2.14.241.33] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.14.241.33/; sid:900610567; rev:1;) alert tcp $HOME_NET any -> [41.99.177.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.99.177.175/; sid:900610568; rev:1;) alert tcp $HOME_NET any -> [213.191.164.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.191.164.70/; sid:900610569; rev:1;) alert tcp $HOME_NET any -> [188.4.142.139] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.4.142.139/; sid:900610570; rev:1;) alert tcp $HOME_NET any -> [64.44.97.56] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.97.56/; sid:900610571; rev:1;) alert tcp $HOME_NET any -> [130.43.107.232] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.43.107.232/; sid:900610572; rev:1;) alert tcp $HOME_NET any -> [137.186.193.226] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.186.193.226/; sid:900610573; rev:1;) alert tcp $HOME_NET any -> [72.200.109.104] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.200.109.104/; sid:900610574; rev:1;) alert tcp $HOME_NET any -> [174.60.47.98] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.60.47.98/; sid:900610575; rev:1;) alert tcp $HOME_NET any -> [174.115.87.57] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.115.87.57/; sid:900610576; rev:1;) alert tcp $HOME_NET any -> [75.158.15.211] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.158.15.211/; sid:900610577; rev:1;) alert tcp $HOME_NET any -> [23.106.160.82] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.106.160.82/; sid:900610578; rev:1;) alert tcp $HOME_NET any -> [99.253.115.160] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.253.115.160/; sid:900610579; rev:1;) alert tcp $HOME_NET any -> [180.156.240.239] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.156.240.239/; sid:900610580; rev:1;) alert tcp $HOME_NET any -> [23.108.57.57] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.108.57.57/; sid:900610581; rev:1;) alert tcp $HOME_NET any -> [188.176.170.61] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.176.170.61/; sid:900610582; rev:1;) alert tcp $HOME_NET any -> [221.161.103.6] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.161.103.6/; sid:900610583; rev:1;) alert tcp $HOME_NET any -> [213.22.188.57] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.22.188.57/; sid:900610584; rev:1;) alert tcp $HOME_NET any -> [86.98.15.100] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.15.100/; sid:900610585; rev:1;) alert tcp $HOME_NET any -> [190.75.150.58] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.75.150.58/; sid:900610586; rev:1;) alert tcp $HOME_NET any -> [83.110.90.214] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.90.214/; sid:900610587; rev:1;) alert tcp $HOME_NET any -> [86.176.144.202] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.176.144.202/; sid:900610588; rev:1;) alert tcp $HOME_NET any -> [197.0.235.159] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.0.235.159/; sid:900610589; rev:1;) alert tcp $HOME_NET any -> [86.213.224.109] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.213.224.109/; sid:900610590; rev:1;) alert tcp $HOME_NET any -> [86.130.9.140] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.140/; sid:900610591; rev:1;) alert tcp $HOME_NET any -> [2.91.187.6] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.91.187.6/; sid:900610592; rev:1;) alert tcp $HOME_NET any -> [87.1.202.122] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.1.202.122/; sid:900610593; rev:1;) alert tcp $HOME_NET any -> [102.47.130.52] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.47.130.52/; sid:900610594; rev:1;) alert tcp $HOME_NET any -> [64.228.191.212] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.228.191.212/; sid:900610595; rev:1;) alert tcp $HOME_NET any -> [64.44.97.138] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.97.138/; sid:900610596; rev:1;) alert tcp $HOME_NET any -> [83.31.254.67] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.31.254.67/; sid:900610597; rev:1;) alert tcp $HOME_NET any -> [83.248.199.56] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.248.199.56/; sid:900610598; rev:1;) alert tcp $HOME_NET any -> [46.162.109.183] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.162.109.183/; sid:900610599; rev:1;) alert tcp $HOME_NET any -> [70.95.236.129] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.95.236.129/; sid:900610600; rev:1;) alert tcp $HOME_NET any -> [97.93.192.2] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.93.192.2/; sid:900610601; rev:1;) alert tcp $HOME_NET any -> [109.218.104.206] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.218.104.206/; sid:900610602; rev:1;) alert tcp $HOME_NET any -> [73.78.215.104] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.78.215.104/; sid:900610603; rev:1;) alert tcp $HOME_NET any -> [105.109.163.112] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.109.163.112/; sid:900610604; rev:1;) alert tcp $HOME_NET any -> [105.109.163.112] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.109.163.112/; sid:900610605; rev:1;) alert tcp $HOME_NET any -> [105.109.163.112] 990 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.109.163.112/; sid:900610606; rev:1;) alert tcp $HOME_NET any -> [77.86.98.236] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.86.98.236/; sid:900610607; rev:1;) alert tcp $HOME_NET any -> [105.109.163.112] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.109.163.112/; sid:900610608; rev:1;) alert tcp $HOME_NET any -> [190.11.198.66] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.11.198.66/; sid:900610609; rev:1;) alert tcp $HOME_NET any -> [92.97.224.253] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.97.224.253/; sid:900610610; rev:1;) alert tcp $HOME_NET any -> [180.151.118.201] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.151.118.201/; sid:900610611; rev:1;) alert tcp $HOME_NET any -> [90.4.227.93] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.4.227.93/; sid:900610612; rev:1;) alert tcp $HOME_NET any -> [109.149.147.182] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.149.147.182/; sid:900610613; rev:1;) alert tcp $HOME_NET any -> [177.97.43.38] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.97.43.38/; sid:900610614; rev:1;) alert tcp $HOME_NET any -> [190.249.234.250] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.249.234.250/; sid:900610615; rev:1;) alert tcp $HOME_NET any -> [201.245.249.101] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.245.249.101/; sid:900610616; rev:1;) alert tcp $HOME_NET any -> [47.203.227.114] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.203.227.114/; sid:900610617; rev:1;) alert tcp $HOME_NET any -> [67.177.107.133] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.177.107.133/; sid:900610618; rev:1;) alert tcp $HOME_NET any -> [70.51.135.213] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.135.213/; sid:900610619; rev:1;) alert tcp $HOME_NET any -> [86.186.178.18] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.186.178.18/; sid:900610620; rev:1;) alert tcp $HOME_NET any -> [109.219.126.249] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.219.126.249/; sid:900610621; rev:1;) alert tcp $HOME_NET any -> [24.140.238.222] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.140.238.222/; sid:900610622; rev:1;) alert tcp $HOME_NET any -> [64.44.102.140] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.102.140/; sid:900610623; rev:1;) alert tcp $HOME_NET any -> [186.188.80.154] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.188.80.154/; sid:900610624; rev:1;) alert tcp $HOME_NET any -> [46.176.180.15] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.176.180.15/; sid:900610625; rev:1;) alert tcp $HOME_NET any -> [65.25.116.200] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.25.116.200/; sid:900610627; rev:1;) alert tcp $HOME_NET any -> [193.251.52.34] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.251.52.34/; sid:900610628; rev:1;) alert tcp $HOME_NET any -> [23.81.246.205] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.81.246.205/; sid:900610629; rev:1;) alert tcp $HOME_NET any -> [23.82.140.14] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.82.140.14/; sid:900610630; rev:1;) alert tcp $HOME_NET any -> [92.11.189.236] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.11.189.236/; sid:900610631; rev:1;) alert tcp $HOME_NET any -> [109.57.68.154] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.57.68.154/; sid:900610632; rev:1;) alert tcp $HOME_NET any -> [23.108.57.65] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.108.57.65/; sid:900610633; rev:1;) alert tcp $HOME_NET any -> [83.79.150.24] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.79.150.24/; sid:900610634; rev:1;) alert tcp $HOME_NET any -> [85.52.73.34] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.52.73.34/; sid:900610635; rev:1;) alert tcp $HOME_NET any -> [2.91.184.252] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.91.184.252/; sid:900610636; rev:1;) alert tcp $HOME_NET any -> [86.159.48.25] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.159.48.25/; sid:900610637; rev:1;) alert tcp $HOME_NET any -> [130.43.99.103] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.43.99.103/; sid:900610638; rev:1;) alert tcp $HOME_NET any -> [108.162.6.34] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.162.6.34/; sid:900610639; rev:1;) alert tcp $HOME_NET any -> [149.126.159.106] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.126.159.106/; sid:900610640; rev:1;) alert tcp $HOME_NET any -> [87.221.197.110] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.221.197.110/; sid:900610641; rev:1;) alert tcp $HOME_NET any -> [75.99.125.235] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.99.125.235/; sid:900610642; rev:1;) alert tcp $HOME_NET any -> [102.156.232.220] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.232.220/; sid:900610643; rev:1;) alert tcp $HOME_NET any -> [85.7.61.22] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.7.61.22/; sid:900610644; rev:1;) alert tcp $HOME_NET any -> [92.98.228.28] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.98.228.28/; sid:900610645; rev:1;) alert tcp $HOME_NET any -> [86.98.182.30] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.182.30/; sid:900610646; rev:1;) alert tcp $HOME_NET any -> [105.109.140.201] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.109.140.201/; sid:900610647; rev:1;) alert tcp $HOME_NET any -> [93.147.235.8] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.147.235.8/; sid:900610648; rev:1;) alert tcp $HOME_NET any -> [76.100.159.250] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.100.159.250/; sid:900610649; rev:1;) alert tcp $HOME_NET any -> [216.196.245.102] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.196.245.102/; sid:900610650; rev:1;) alert tcp $HOME_NET any -> [216.196.245.102] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.196.245.102/; sid:900610651; rev:1;) alert tcp $HOME_NET any -> [108.162.6.34] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.162.6.34/; sid:900610652; rev:1;) alert tcp $HOME_NET any -> [193.154.207.221] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.154.207.221/; sid:900610653; rev:1;) alert tcp $HOME_NET any -> [121.122.99.223] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.122.99.223/; sid:900610654; rev:1;) alert tcp $HOME_NET any -> [100.8.168.108] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.8.168.108/; sid:900610655; rev:1;) alert tcp $HOME_NET any -> [87.223.85.4] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.223.85.4/; sid:900610656; rev:1;) alert tcp $HOME_NET any -> [84.219.213.130] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.219.213.130/; sid:900610657; rev:1;) alert tcp $HOME_NET any -> [71.183.236.133] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.183.236.133/; sid:900610658; rev:1;) alert tcp $HOME_NET any -> [64.44.135.198] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.135.198/; sid:900610659; rev:1;) alert tcp $HOME_NET any -> [190.39.199.51] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.39.199.51/; sid:900610660; rev:1;) alert tcp $HOME_NET any -> [103.144.201.62] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.201.62/; sid:900610661; rev:1;) alert tcp $HOME_NET any -> [197.3.64.204] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.3.64.204/; sid:900610662; rev:1;) alert tcp $HOME_NET any -> [89.44.9.153] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.44.9.153/; sid:900610663; rev:1;) alert tcp $HOME_NET any -> [108.62.118.70] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.62.118.70/; sid:900610664; rev:1;) alert tcp $HOME_NET any -> [104.219.233.41] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.219.233.41/; sid:900610665; rev:1;) alert tcp $HOME_NET any -> [142.11.199.235] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.199.235/; sid:900610666; rev:1;) alert tcp $HOME_NET any -> [90.116.219.167] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.116.219.167/; sid:900610667; rev:1;) alert tcp $HOME_NET any -> [85.152.152.46] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.152.152.46/; sid:900610668; rev:1;) alert tcp $HOME_NET any -> [72.11.161.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.11.161.70/; sid:900610669; rev:1;) alert tcp $HOME_NET any -> [24.64.114.59] 50010 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.64.114.59/; sid:900610670; rev:1;) alert tcp $HOME_NET any -> [83.92.85.93] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.92.85.93/; sid:900610671; rev:1;) alert tcp $HOME_NET any -> [92.186.69.229] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.186.69.229/; sid:900610673; rev:1;) alert tcp $HOME_NET any -> [23.106.215.82] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.106.215.82/; sid:900610674; rev:1;) alert tcp $HOME_NET any -> [109.177.245.176] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.177.245.176/; sid:900610675; rev:1;) alert tcp $HOME_NET any -> [176.133.4.230] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.133.4.230/; sid:900610676; rev:1;) alert tcp $HOME_NET any -> [102.159.83.36] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.159.83.36/; sid:900610677; rev:1;) alert tcp $HOME_NET any -> [188.54.99.243] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.54.99.243/; sid:900610678; rev:1;) alert tcp $HOME_NET any -> [216.196.245.102] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.196.245.102/; sid:900610679; rev:1;) alert tcp $HOME_NET any -> [71.46.234.171] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.46.234.171/; sid:900610680; rev:1;) alert tcp $HOME_NET any -> [197.92.135.188] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.92.135.188/; sid:900610681; rev:1;) alert tcp $HOME_NET any -> [178.153.195.40] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.153.195.40/; sid:900610682; rev:1;) alert tcp $HOME_NET any -> [87.223.84.190] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.223.84.190/; sid:900610683; rev:1;) alert tcp $HOME_NET any -> [197.2.209.208] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.2.209.208/; sid:900610685; rev:1;) alert tcp $HOME_NET any -> [117.186.222.30] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.186.222.30/; sid:900610686; rev:1;) alert tcp $HOME_NET any -> [75.161.233.194] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.161.233.194/; sid:900610687; rev:1;) alert tcp $HOME_NET any -> [124.122.55.68] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.122.55.68/; sid:900610688; rev:1;) alert tcp $HOME_NET any -> [81.198.136.151] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.198.136.151/; sid:900610689; rev:1;) alert tcp $HOME_NET any -> [46.246.245.152] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.246.245.152/; sid:900610690; rev:1;) alert tcp $HOME_NET any -> [156.217.158.177] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.217.158.177/; sid:900610691; rev:1;) alert tcp $HOME_NET any -> [37.28.156.24] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.28.156.24/; sid:900610692; rev:1;) alert tcp $HOME_NET any -> [146.59.116.25] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.59.116.25/; sid:900610693; rev:1;) alert tcp $HOME_NET any -> [108.62.141.221] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.62.141.221/; sid:900610694; rev:1;) alert tcp $HOME_NET any -> [23.106.215.230] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.106.215.230/; sid:900610695; rev:1;) alert tcp $HOME_NET any -> [23.108.57.29] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.108.57.29/; sid:900610696; rev:1;) alert tcp $HOME_NET any -> [105.99.88.96] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.99.88.96/; sid:900610697; rev:1;) alert tcp $HOME_NET any -> [178.191.21.187] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.191.21.187/; sid:900610698; rev:1;) alert tcp $HOME_NET any -> [92.136.183.239] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.136.183.239/; sid:900610699; rev:1;) alert tcp $HOME_NET any -> [201.208.139.250] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.208.139.250/; sid:900610700; rev:1;) alert tcp $HOME_NET any -> [109.149.148.184] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.149.148.184/; sid:900610701; rev:1;) alert tcp $HOME_NET any -> [156.216.253.65] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.216.253.65/; sid:900610702; rev:1;) alert tcp $HOME_NET any -> [86.130.9.180] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.180/; sid:900610703; rev:1;) alert tcp $HOME_NET any -> [80.121.50.13] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.121.50.13/; sid:900610704; rev:1;) alert tcp $HOME_NET any -> [70.160.80.210] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.160.80.210/; sid:900610705; rev:1;) alert tcp $HOME_NET any -> [186.64.67.9] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.9/; sid:900610706; rev:1;) alert tcp $HOME_NET any -> [190.74.104.149] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.74.104.149/; sid:900610707; rev:1;) alert tcp $HOME_NET any -> [91.206.178.167] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.206.178.167/; sid:900610708; rev:1;) alert tcp $HOME_NET any -> [119.82.121.63] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.82.121.63/; sid:900610709; rev:1;) alert tcp $HOME_NET any -> [90.119.197.132] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.119.197.132/; sid:900610710; rev:1;) alert tcp $HOME_NET any -> [82.11.242.219] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.11.242.219/; sid:900610711; rev:1;) alert tcp $HOME_NET any -> [78.100.230.10] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.230.10/; sid:900610712; rev:1;) alert tcp $HOME_NET any -> [41.100.146.58] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.100.146.58/; sid:900610713; rev:1;) alert tcp $HOME_NET any -> [176.128.178.251] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.128.178.251/; sid:900610714; rev:1;) alert tcp $HOME_NET any -> [197.204.18.30] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.204.18.30/; sid:900610715; rev:1;) alert tcp $HOME_NET any -> [72.68.175.55] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.68.175.55/; sid:900610716; rev:1;) alert tcp $HOME_NET any -> [70.51.136.94] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.136.94/; sid:900610717; rev:1;) alert tcp $HOME_NET any -> [41.62.220.86] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.62.220.86/; sid:900610718; rev:1;) alert tcp $HOME_NET any -> [91.245.253.76] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.245.253.76/; sid:900610719; rev:1;) alert tcp $HOME_NET any -> [23.106.223.1] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.106.223.1/; sid:900610720; rev:1;) alert tcp $HOME_NET any -> [45.11.19.208] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.11.19.208/; sid:900610721; rev:1;) alert tcp $HOME_NET any -> [45.11.19.252] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.11.19.252/; sid:900610722; rev:1;) alert tcp $HOME_NET any -> [83.7.54.186] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.7.54.186/; sid:900610723; rev:1;) alert tcp $HOME_NET any -> [78.163.33.44] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.163.33.44/; sid:900610724; rev:1;) alert tcp $HOME_NET any -> [76.11.14.249] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.11.14.249/; sid:900610725; rev:1;) alert tcp $HOME_NET any -> [23.108.57.59] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.108.57.59/; sid:900610726; rev:1;) alert tcp $HOME_NET any -> [46.249.38.114] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.249.38.114/; sid:900610727; rev:1;) alert tcp $HOME_NET any -> [23.254.247.48] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.254.247.48/; sid:900610728; rev:1;) alert tcp $HOME_NET any -> [46.249.38.141] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.249.38.141/; sid:900610729; rev:1;) alert tcp $HOME_NET any -> [185.135.120.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.135.120.81/; sid:900610730; rev:1;) alert tcp $HOME_NET any -> [51.83.254.187] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.254.187/; sid:900610731; rev:1;) alert tcp $HOME_NET any -> [87.223.89.157] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.223.89.157/; sid:900610732; rev:1;) alert tcp $HOME_NET any -> [54.37.131.158] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.131.158/; sid:900610733; rev:1;) alert tcp $HOME_NET any -> [92.98.72.220] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.98.72.220/; sid:900610734; rev:1;) alert tcp $HOME_NET any -> [109.150.179.158] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.150.179.158/; sid:900610735; rev:1;) alert tcp $HOME_NET any -> [41.44.19.36] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.44.19.36/; sid:900610736; rev:1;) alert tcp $HOME_NET any -> [193.154.202.210] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.154.202.210/; sid:900610737; rev:1;) alert tcp $HOME_NET any -> [2.83.12.243] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.83.12.243/; sid:900610738; rev:1;) alert tcp $HOME_NET any -> [188.48.123.229] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.48.123.229/; sid:900610739; rev:1;) alert tcp $HOME_NET any -> [65.30.139.145] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.30.139.145/; sid:900610740; rev:1;) alert tcp $HOME_NET any -> [85.245.221.87] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.245.221.87/; sid:900610741; rev:1;) alert tcp $HOME_NET any -> [201.210.107.223] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.210.107.223/; sid:900610742; rev:1;) alert tcp $HOME_NET any -> [87.223.91.46] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.223.91.46/; sid:900610743; rev:1;) alert tcp $HOME_NET any -> [190.206.70.80] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.206.70.80/; sid:900610744; rev:1;) alert tcp $HOME_NET any -> [86.96.75.237] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.96.75.237/; sid:900610745; rev:1;) alert tcp $HOME_NET any -> [78.17.157.5] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.17.157.5/; sid:900610746; rev:1;) alert tcp $HOME_NET any -> [69.164.203.147] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.164.203.147/; sid:900610747; rev:1;) alert tcp $HOME_NET any -> [91.254.230.18] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.254.230.18/; sid:900610748; rev:1;) alert tcp $HOME_NET any -> [2.14.82.210] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.14.82.210/; sid:900610749; rev:1;) alert tcp $HOME_NET any -> [85.239.52.179] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.239.52.179/; sid:900610750; rev:1;) alert tcp $HOME_NET any -> [31.167.254.199] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.167.254.199/; sid:900610752; rev:1;) alert tcp $HOME_NET any -> [86.190.16.164] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.190.16.164/; sid:900610753; rev:1;) alert tcp $HOME_NET any -> [104.152.223.133] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.152.223.133/; sid:900610754; rev:1;) alert tcp $HOME_NET any -> [116.74.164.2] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.74.164.2/; sid:900610755; rev:1;) alert tcp $HOME_NET any -> [66.176.250.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.176.250.180/; sid:900610756; rev:1;) alert tcp $HOME_NET any -> [70.77.116.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.77.116.233/; sid:900610757; rev:1;) alert tcp $HOME_NET any -> [81.248.77.37] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.248.77.37/; sid:900610758; rev:1;) alert tcp $HOME_NET any -> [86.98.23.199] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.23.199/; sid:900610759; rev:1;) alert tcp $HOME_NET any -> [162.248.14.107] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.248.14.107/; sid:900610760; rev:1;) alert tcp $HOME_NET any -> [74.93.148.97] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.93.148.97/; sid:900610761; rev:1;) alert tcp $HOME_NET any -> [184.101.163.128] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.101.163.128/; sid:900610762; rev:1;) alert tcp $HOME_NET any -> [181.118.183.44] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.44/; sid:900610763; rev:1;) alert tcp $HOME_NET any -> [85.231.105.49] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.231.105.49/; sid:900610764; rev:1;) alert tcp $HOME_NET any -> [23.108.57.66] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.108.57.66/; sid:900610765; rev:1;) alert tcp $HOME_NET any -> [139.177.146.137] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.177.146.137/; sid:900610766; rev:1;) alert tcp $HOME_NET any -> [27.32.171.38] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.32.171.38/; sid:900610767; rev:1;) alert tcp $HOME_NET any -> [91.206.178.179] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.206.178.179/; sid:900610768; rev:1;) alert tcp $HOME_NET any -> [85.239.54.134] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.239.54.134/; sid:900610769; rev:1;) alert tcp $HOME_NET any -> [107.189.13.201] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.189.13.201/; sid:900610770; rev:1;) alert tcp $HOME_NET any -> [85.239.52.71] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.239.52.71/; sid:900610771; rev:1;) alert tcp $HOME_NET any -> [104.168.172.195] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.172.195/; sid:900610772; rev:1;) alert tcp $HOME_NET any -> [91.245.254.41] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.245.254.41/; sid:900610773; rev:1;) alert tcp $HOME_NET any -> [104.219.233.42] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.219.233.42/; sid:900610774; rev:1;) alert tcp $HOME_NET any -> [108.62.141.98] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.62.141.98/; sid:900610775; rev:1;) alert tcp $HOME_NET any -> [146.59.116.185] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.59.116.185/; sid:900610776; rev:1;) alert tcp $HOME_NET any -> [108.62.118.108] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.62.118.108/; sid:900610777; rev:1;) alert tcp $HOME_NET any -> [108.62.12.202] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.62.12.202/; sid:900610778; rev:1;) alert tcp $HOME_NET any -> [142.93.12.251] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.12.251/; sid:900610779; rev:1;) alert tcp $HOME_NET any -> [159.89.22.59] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.89.22.59/; sid:900610780; rev:1;) alert tcp $HOME_NET any -> [139.177.146.230] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.177.146.230/; sid:900610781; rev:1;) alert tcp $HOME_NET any -> [108.62.118.53] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.62.118.53/; sid:900610782; rev:1;) alert tcp $HOME_NET any -> [194.135.33.151] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.135.33.151/; sid:900610783; rev:1;) alert tcp $HOME_NET any -> [149.3.170.236] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.3.170.236/; sid:900610784; rev:1;) alert tcp $HOME_NET any -> [192.236.199.61] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.199.61/; sid:900610785; rev:1;) alert tcp $HOME_NET any -> [172.86.123.231] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.86.123.231/; sid:900610786; rev:1;) alert tcp $HOME_NET any -> [172.93.201.244] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.93.201.244/; sid:900610787; rev:1;) alert tcp $HOME_NET any -> [192.236.179.104] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.179.104/; sid:900610788; rev:1;) alert tcp $HOME_NET any -> [192.129.129.20] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.129.129.20/; sid:900610789; rev:1;) alert tcp $HOME_NET any -> [192.254.79.120] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.254.79.120/; sid:900610790; rev:1;) alert tcp $HOME_NET any -> [192.129.129.53] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.129.129.53/; sid:900610791; rev:1;) alert tcp $HOME_NET any -> [198.98.50.15] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.50.15/; sid:900610792; rev:1;) alert tcp $HOME_NET any -> [205.185.126.42] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.185.126.42/; sid:900610793; rev:1;) alert tcp $HOME_NET any -> [192.198.82.60] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.198.82.60/; sid:900610794; rev:1;) alert tcp $HOME_NET any -> [198.98.52.241] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.52.241/; sid:900610796; rev:1;) alert tcp $HOME_NET any -> [84.215.202.22] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.215.202.22/; sid:900610797; rev:1;) alert tcp $HOME_NET any -> [200.109.14.93] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.109.14.93/; sid:900610798; rev:1;) alert tcp $HOME_NET any -> [93.212.159.189] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.212.159.189/; sid:900610799; rev:1;) alert tcp $HOME_NET any -> [139.177.146.25] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.177.146.25/; sid:900610800; rev:1;) alert tcp $HOME_NET any -> [104.219.233.145] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.219.233.145/; sid:900610801; rev:1;) alert tcp $HOME_NET any -> [192.254.79.122] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.254.79.122/; sid:900610802; rev:1;) alert tcp $HOME_NET any -> [86.106.87.135] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.106.87.135/; sid:900610803; rev:1;) alert tcp $HOME_NET any -> [23.106.223.14] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.106.223.14/; sid:900610804; rev:1;) alert tcp $HOME_NET any -> [23.108.57.87] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.108.57.87/; sid:900610805; rev:1;) alert tcp $HOME_NET any -> [192.198.82.62] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.198.82.62/; sid:900610806; rev:1;) alert tcp $HOME_NET any -> [173.234.155.133] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.234.155.133/; sid:900610807; rev:1;) alert tcp $HOME_NET any -> [92.8.190.211] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.8.190.211/; sid:900610809; rev:1;) alert tcp $HOME_NET any -> [184.68.116.146] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.68.116.146/; sid:900610810; rev:1;) alert tcp $HOME_NET any -> [24.71.120.191] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.71.120.191/; sid:900610811; rev:1;) alert tcp $HOME_NET any -> [75.99.125.236] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.99.125.236/; sid:900610812; rev:1;) alert tcp $HOME_NET any -> [103.71.21.107] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.71.21.107/; sid:900610813; rev:1;) alert tcp $HOME_NET any -> [90.66.229.185] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.66.229.185/; sid:900610814; rev:1;) alert tcp $HOME_NET any -> [46.10.198.106] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.10.198.106/; sid:900610815; rev:1;) alert tcp $HOME_NET any -> [98.178.242.28] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.178.242.28/; sid:900610816; rev:1;) alert tcp $HOME_NET any -> [184.68.116.146] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.68.116.146/; sid:900610817; rev:1;) alert tcp $HOME_NET any -> [90.221.1.60] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.221.1.60/; sid:900610818; rev:1;) alert tcp $HOME_NET any -> [92.154.17.149] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.154.17.149/; sid:900610819; rev:1;) alert tcp $HOME_NET any -> [94.30.98.134] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.30.98.134/; sid:900610820; rev:1;) alert tcp $HOME_NET any -> [193.32.212.114] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.32.212.114/; sid:900610821; rev:1;) alert tcp $HOME_NET any -> [90.79.129.166] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.79.129.166/; sid:900610822; rev:1;) alert tcp $HOME_NET any -> [93.156.98.63] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.156.98.63/; sid:900610823; rev:1;) alert tcp $HOME_NET any -> [181.164.194.223] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.194.223/; sid:900610824; rev:1;) alert tcp $HOME_NET any -> [70.55.120.16] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.55.120.16/; sid:900610825; rev:1;) alert tcp $HOME_NET any -> [37.56.111.49] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.56.111.49/; sid:900610826; rev:1;) alert tcp $HOME_NET any -> [197.94.219.133] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.94.219.133/; sid:900610827; rev:1;) alert tcp $HOME_NET any -> [86.130.9.250] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.250/; sid:900610828; rev:1;) alert tcp $HOME_NET any -> [184.68.116.146] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.68.116.146/; sid:900610829; rev:1;) alert tcp $HOME_NET any -> [184.68.116.146] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.68.116.146/; sid:900610830; rev:1;) alert tcp $HOME_NET any -> [83.213.192.136] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.213.192.136/; sid:900610831; rev:1;) alert tcp $HOME_NET any -> [94.105.123.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.105.123.53/; sid:900610832; rev:1;) alert tcp $HOME_NET any -> [67.61.71.201] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.61.71.201/; sid:900610833; rev:1;) alert tcp $HOME_NET any -> [201.137.151.25] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.151.25/; sid:900610834; rev:1;) alert tcp $HOME_NET any -> [47.16.76.35] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.16.76.35/; sid:900610835; rev:1;) alert tcp $HOME_NET any -> [151.65.67.211] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.65.67.211/; sid:900610836; rev:1;) alert tcp $HOME_NET any -> [31.53.29.245] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.29.245/; sid:900610837; rev:1;) alert tcp $HOME_NET any -> [141.255.65.113] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.255.65.113/; sid:900610838; rev:1;) alert tcp $HOME_NET any -> [190.199.169.127] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.199.169.127/; sid:900610839; rev:1;) alert tcp $HOME_NET any -> [150.107.231.59] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.107.231.59/; sid:900610840; rev:1;) alert tcp $HOME_NET any -> [70.120.228.205] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.120.228.205/; sid:900610841; rev:1;) alert tcp $HOME_NET any -> [83.213.201.104] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.213.201.104/; sid:900610842; rev:1;) alert tcp $HOME_NET any -> [72.133.240.122] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.133.240.122/; sid:900610843; rev:1;) alert tcp $HOME_NET any -> [66.180.226.117] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.180.226.117/; sid:900610844; rev:1;) alert tcp $HOME_NET any -> [208.180.17.32] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.180.17.32/; sid:900610845; rev:1;) alert tcp $HOME_NET any -> [184.189.41.80] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.189.41.80/; sid:900610846; rev:1;) alert tcp $HOME_NET any -> [70.51.153.251] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.153.251/; sid:900610847; rev:1;) alert tcp $HOME_NET any -> [188.79.182.186] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.79.182.186/; sid:900610848; rev:1;) alert tcp $HOME_NET any -> [184.68.116.146] 50010 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.68.116.146/; sid:900610849; rev:1;) alert tcp $HOME_NET any -> [80.44.148.126] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.44.148.126/; sid:900610850; rev:1;) alert tcp $HOME_NET any -> [78.101.91.215] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.91.215/; sid:900610851; rev:1;) alert tcp $HOME_NET any -> [121.121.100.148] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.121.100.148/; sid:900610852; rev:1;) alert tcp $HOME_NET any -> [79.13.202.140] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.13.202.140/; sid:900610853; rev:1;) alert tcp $HOME_NET any -> [74.83.128.70] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.83.128.70/; sid:900610854; rev:1;) alert tcp $HOME_NET any -> [72.80.7.6] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.80.7.6/; sid:900610855; rev:1;) alert tcp $HOME_NET any -> [178.152.27.222] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.152.27.222/; sid:900610856; rev:1;) alert tcp $HOME_NET any -> [181.118.183.50] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.50/; sid:900610857; rev:1;) alert tcp $HOME_NET any -> [86.99.14.46] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.99.14.46/; sid:900610858; rev:1;) alert tcp $HOME_NET any -> [188.24.214.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.24.214.226/; sid:900610859; rev:1;) alert tcp $HOME_NET any -> [86.18.75.136] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.18.75.136/; sid:900610860; rev:1;) alert tcp $HOME_NET any -> [146.70.100.126] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.100.126/; sid:900610861; rev:1;) alert tcp $HOME_NET any -> [85.239.54.178] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.239.54.178/; sid:900610862; rev:1;) alert tcp $HOME_NET any -> [69.159.156.133] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.159.156.133/; sid:900610863; rev:1;) alert tcp $HOME_NET any -> [66.85.236.205] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.85.236.205/; sid:900610864; rev:1;) alert tcp $HOME_NET any -> [91.178.75.146] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.178.75.146/; sid:900610865; rev:1;) alert tcp $HOME_NET any -> [217.43.16.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.43.16.149/; sid:900610866; rev:1;) alert tcp $HOME_NET any -> [2.83.32.104] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.83.32.104/; sid:900610867; rev:1;) alert tcp $HOME_NET any -> [23.242.141.218] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.242.141.218/; sid:900610868; rev:1;) alert tcp $HOME_NET any -> [66.90.198.204] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.90.198.204/; sid:900610869; rev:1;) alert tcp $HOME_NET any -> [197.0.32.186] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.0.32.186/; sid:900610870; rev:1;) alert tcp $HOME_NET any -> [167.58.235.148] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.58.235.148/; sid:900610871; rev:1;) alert tcp $HOME_NET any -> [82.6.99.234] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.6.99.234/; sid:900610872; rev:1;) alert tcp $HOME_NET any -> [197.94.86.141] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.94.86.141/; sid:900610873; rev:1;) alert tcp $HOME_NET any -> [147.148.234.231] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.148.234.231/; sid:900610874; rev:1;) alert tcp $HOME_NET any -> [100.36.249.75] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.36.249.75/; sid:900610875; rev:1;) alert tcp $HOME_NET any -> [190.199.126.108] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.199.126.108/; sid:900610876; rev:1;) alert tcp $HOME_NET any -> [102.40.202.189] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.40.202.189/; sid:900610877; rev:1;) alert tcp $HOME_NET any -> [51.183.20.212] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.183.20.212/; sid:900610878; rev:1;) alert tcp $HOME_NET any -> [87.223.87.35] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.223.87.35/; sid:900610879; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 20 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900610880; rev:1;) alert tcp $HOME_NET any -> [216.160.116.140] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.160.116.140/; sid:900610881; rev:1;) alert tcp $HOME_NET any -> [109.159.118.162] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.159.118.162/; sid:900610882; rev:1;) alert tcp $HOME_NET any -> [81.131.210.167] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.131.210.167/; sid:900610883; rev:1;) alert tcp $HOME_NET any -> [90.194.186.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.194.186.175/; sid:900610884; rev:1;) alert tcp $HOME_NET any -> [87.221.154.65] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.221.154.65/; sid:900610885; rev:1;) alert tcp $HOME_NET any -> [190.201.157.16] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.201.157.16/; sid:900610886; rev:1;) alert tcp $HOME_NET any -> [124.122.55.7] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.122.55.7/; sid:900610888; rev:1;) alert tcp $HOME_NET any -> [60.254.51.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.254.51.168/; sid:900610889; rev:1;) alert tcp $HOME_NET any -> [79.77.142.22] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.77.142.22/; sid:900610890; rev:1;) alert tcp $HOME_NET any -> [188.48.116.37] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.48.116.37/; sid:900610891; rev:1;) alert tcp $HOME_NET any -> [116.74.163.218] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.74.163.218/; sid:900610892; rev:1;) alert tcp $HOME_NET any -> [216.82.134.133] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.82.134.133/; sid:900610893; rev:1;) alert tcp $HOME_NET any -> [178.152.126.55] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.152.126.55/; sid:900610894; rev:1;) alert tcp $HOME_NET any -> [172.248.42.122] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.248.42.122/; sid:900610895; rev:1;) alert tcp $HOME_NET any -> [60.234.194.12] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.234.194.12/; sid:900610896; rev:1;) alert tcp $HOME_NET any -> [94.71.209.47] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.71.209.47/; sid:900610897; rev:1;) alert tcp $HOME_NET any -> [47.149.137.40] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.149.137.40/; sid:900610898; rev:1;) alert tcp $HOME_NET any -> [61.69.198.59] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.69.198.59/; sid:900610899; rev:1;) alert tcp $HOME_NET any -> [99.229.164.42] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.229.164.42/; sid:900610900; rev:1;) alert tcp $HOME_NET any -> [49.245.119.12] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.245.119.12/; sid:900610901; rev:1;) alert tcp $HOME_NET any -> [92.145.203.167] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.145.203.167/; sid:900610902; rev:1;) alert tcp $HOME_NET any -> [45.152.16.14] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.152.16.14/; sid:900610903; rev:1;) alert tcp $HOME_NET any -> [92.154.45.81] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.154.45.81/; sid:900610904; rev:1;) alert tcp $HOME_NET any -> [103.141.50.151] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.141.50.151/; sid:900610905; rev:1;) alert tcp $HOME_NET any -> [172.86.121.61] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.86.121.61/; sid:900610906; rev:1;) alert tcp $HOME_NET any -> [91.96.249.3] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.96.249.3/; sid:900610907; rev:1;) alert tcp $HOME_NET any -> [2.50.140.56] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.140.56/; sid:900610908; rev:1;) alert tcp $HOME_NET any -> [93.147.134.85] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.147.134.85/; sid:900610909; rev:1;) alert tcp $HOME_NET any -> [78.193.176.97] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.193.176.97/; sid:900610910; rev:1;) alert tcp $HOME_NET any -> [87.149.127.43] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.149.127.43/; sid:900610911; rev:1;) alert tcp $HOME_NET any -> [178.152.25.80] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.152.25.80/; sid:900610912; rev:1;) alert tcp $HOME_NET any -> [93.156.97.145] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.156.97.145/; sid:900610913; rev:1;) alert tcp $HOME_NET any -> [139.228.33.163] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.228.33.163/; sid:900610914; rev:1;) alert tcp $HOME_NET any -> [91.231.172.236] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.231.172.236/; sid:900610915; rev:1;) alert tcp $HOME_NET any -> [186.64.67.55] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.55/; sid:900610916; rev:1;) alert tcp $HOME_NET any -> [109.150.179.181] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.150.179.181/; sid:900610917; rev:1;) alert tcp $HOME_NET any -> [181.118.206.65] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.206.65/; sid:900610918; rev:1;) alert tcp $HOME_NET any -> [75.99.125.234] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.99.125.234/; sid:900610919; rev:1;) alert tcp $HOME_NET any -> [64.237.240.3] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.237.240.3/; sid:900610920; rev:1;) alert tcp $HOME_NET any -> [67.235.138.14] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.235.138.14/; sid:900610921; rev:1;) alert tcp $HOME_NET any -> [175.139.130.191] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.139.130.191/; sid:900610922; rev:1;) alert tcp $HOME_NET any -> [217.128.200.114] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.128.200.114/; sid:900610923; rev:1;) alert tcp $HOME_NET any -> [198.98.51.235] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.51.235/; sid:900610924; rev:1;) alert tcp $HOME_NET any -> [23.82.140.180] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.82.140.180/; sid:900610925; rev:1;) alert tcp $HOME_NET any -> [108.62.141.52] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.62.141.52/; sid:900610926; rev:1;) alert tcp $HOME_NET any -> [23.82.128.127] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.82.128.127/; sid:900610927; rev:1;) alert tcp $HOME_NET any -> [45.61.184.24] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.61.184.24/; sid:900610928; rev:1;) alert tcp $HOME_NET any -> [45.141.58.139] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.141.58.139/; sid:900610929; rev:1;) alert tcp $HOME_NET any -> [128.127.21.57] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.127.21.57/; sid:900610930; rev:1;) alert tcp $HOME_NET any -> [87.220.205.65] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.220.205.65/; sid:900610931; rev:1;) alert tcp $HOME_NET any -> [178.153.5.54] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.153.5.54/; sid:900610932; rev:1;) alert tcp $HOME_NET any -> [37.15.128.31] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.15.128.31/; sid:900610933; rev:1;) alert tcp $HOME_NET any -> [174.112.22.106] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.112.22.106/; sid:900610934; rev:1;) alert tcp $HOME_NET any -> [176.44.121.220] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.44.121.220/; sid:900610935; rev:1;) alert tcp $HOME_NET any -> [78.100.238.92] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.238.92/; sid:900610936; rev:1;) alert tcp $HOME_NET any -> [84.108.173.79] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.108.173.79/; sid:900610937; rev:1;) alert tcp $HOME_NET any -> [90.78.138.217] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.78.138.217/; sid:900610938; rev:1;) alert tcp $HOME_NET any -> [76.170.252.153] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.170.252.153/; sid:900610939; rev:1;) alert tcp $HOME_NET any -> [74.33.196.114] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.33.196.114/; sid:900610940; rev:1;) alert tcp $HOME_NET any -> [12.172.173.82] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.172.173.82/; sid:900610941; rev:1;) alert tcp $HOME_NET any -> [216.36.153.248] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.36.153.248/; sid:900610942; rev:1;) alert tcp $HOME_NET any -> [83.7.52.202] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.7.52.202/; sid:900610943; rev:1;) alert tcp $HOME_NET any -> [73.214.105.238] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.214.105.238/; sid:900610944; rev:1;) alert tcp $HOME_NET any -> [87.223.95.66] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.223.95.66/; sid:900610945; rev:1;) alert tcp $HOME_NET any -> [54.38.137.14] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.137.14/; sid:900610946; rev:1;) alert tcp $HOME_NET any -> [90.48.151.17] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.48.151.17/; sid:900610947; rev:1;) alert tcp $HOME_NET any -> [86.196.35.232] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.196.35.232/; sid:900610948; rev:1;) alert tcp $HOME_NET any -> [86.176.144.240] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.176.144.240/; sid:900610949; rev:1;) alert tcp $HOME_NET any -> [176.79.48.60] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.79.48.60/; sid:900610950; rev:1;) alert tcp $HOME_NET any -> [2.14.96.234] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.14.96.234/; sid:900610951; rev:1;) alert tcp $HOME_NET any -> [202.187.239.67] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.187.239.67/; sid:900610952; rev:1;) alert tcp $HOME_NET any -> [77.124.17.122] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.124.17.122/; sid:900610953; rev:1;) alert tcp $HOME_NET any -> [171.97.42.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.97.42.82/; sid:900610954; rev:1;) alert tcp $HOME_NET any -> [83.110.95.209] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.95.209/; sid:900610955; rev:1;) alert tcp $HOME_NET any -> [103.212.19.254] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.212.19.254/; sid:900610956; rev:1;) alert tcp $HOME_NET any -> [86.99.15.254] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.99.15.254/; sid:900610957; rev:1;) alert tcp $HOME_NET any -> [103.42.86.42] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.42.86.42/; sid:900610958; rev:1;) alert tcp $HOME_NET any -> [90.27.44.76] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.27.44.76/; sid:900610959; rev:1;) alert tcp $HOME_NET any -> [93.156.97.50] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.156.97.50/; sid:900610960; rev:1;) alert tcp $HOME_NET any -> [109.220.196.24] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.220.196.24/; sid:900610961; rev:1;) alert tcp $HOME_NET any -> [144.64.226.144] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.64.226.144/; sid:900610962; rev:1;) alert tcp $HOME_NET any -> [86.160.253.56] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.160.253.56/; sid:900610963; rev:1;) alert tcp $HOME_NET any -> [86.183.251.169] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.183.251.169/; sid:900610964; rev:1;) alert tcp $HOME_NET any -> [86.195.14.72] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.195.14.72/; sid:900610965; rev:1;) alert tcp $HOME_NET any -> [206.166.209.170] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.166.209.170/; sid:900610966; rev:1;) alert tcp $HOME_NET any -> [109.159.119.186] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.159.119.186/; sid:900610967; rev:1;) alert tcp $HOME_NET any -> [96.255.66.51] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.255.66.51/; sid:900610968; rev:1;) alert tcp $HOME_NET any -> [104.168.174.148] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.174.148/; sid:900610969; rev:1;) alert tcp $HOME_NET any -> [69.165.145.141] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.165.145.141/; sid:900610970; rev:1;) alert tcp $HOME_NET any -> [142.118.49.193] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.118.49.193/; sid:900610971; rev:1;) alert tcp $HOME_NET any -> [65.95.85.172] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.95.85.172/; sid:900610972; rev:1;) alert tcp $HOME_NET any -> [92.8.187.85] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.8.187.85/; sid:900610973; rev:1;) alert tcp $HOME_NET any -> [87.252.106.197] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.252.106.197/; sid:900610974; rev:1;) alert tcp $HOME_NET any -> [109.50.131.204] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.50.131.204/; sid:900610975; rev:1;) alert tcp $HOME_NET any -> [66.35.124.54] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.35.124.54/; sid:900610976; rev:1;) alert tcp $HOME_NET any -> [186.87.52.35] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.87.52.35/; sid:900610977; rev:1;) alert tcp $HOME_NET any -> [190.199.187.93] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.199.187.93/; sid:900610978; rev:1;) alert tcp $HOME_NET any -> [201.210.114.115] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.210.114.115/; sid:900610979; rev:1;) alert tcp $HOME_NET any -> [190.249.241.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.249.241.149/; sid:900610980; rev:1;) alert tcp $HOME_NET any -> [80.98.132.66] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.98.132.66/; sid:900610981; rev:1;) alert tcp $HOME_NET any -> [188.161.48.24] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.161.48.24/; sid:900610982; rev:1;) alert tcp $HOME_NET any -> [122.186.71.98] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.186.71.98/; sid:900610983; rev:1;) alert tcp $HOME_NET any -> [47.16.68.188] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.16.68.188/; sid:900610984; rev:1;) alert tcp $HOME_NET any -> [27.0.48.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.0.48.233/; sid:900610985; rev:1;) alert tcp $HOME_NET any -> [202.142.98.62] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.142.98.62/; sid:900610986; rev:1;) alert tcp $HOME_NET any -> [176.177.136.35] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.177.136.35/; sid:900610987; rev:1;) alert tcp $HOME_NET any -> [76.68.151.148] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.68.151.148/; sid:900610988; rev:1;) alert tcp $HOME_NET any -> [90.4.190.217] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.4.190.217/; sid:900610989; rev:1;) alert tcp $HOME_NET any -> [70.51.136.204] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.136.204/; sid:900610990; rev:1;) alert tcp $HOME_NET any -> [89.203.252.238] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.203.252.238/; sid:900610991; rev:1;) alert tcp $HOME_NET any -> [201.137.206.40] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.206.40/; sid:900610992; rev:1;) alert tcp $HOME_NET any -> [91.254.132.23] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.254.132.23/; sid:900610993; rev:1;) alert tcp $HOME_NET any -> [78.18.42.55] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.18.42.55/; sid:900610994; rev:1;) alert tcp $HOME_NET any -> [181.4.227.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.4.227.82/; sid:900610995; rev:1;) alert tcp $HOME_NET any -> [24.69.84.237] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.69.84.237/; sid:900610996; rev:1;) alert tcp $HOME_NET any -> [51.83.253.18] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.253.18/; sid:900610997; rev:1;) alert tcp $HOME_NET any -> [67.253.226.137] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.253.226.137/; sid:900610998; rev:1;) alert tcp $HOME_NET any -> [50.67.17.92] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.67.17.92/; sid:900610999; rev:1;) alert tcp $HOME_NET any -> [95.23.15.84] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.23.15.84/; sid:900611000; rev:1;) alert tcp $HOME_NET any -> [51.211.219.211] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.211.219.211/; sid:900611001; rev:1;) alert tcp $HOME_NET any -> [71.112.212.166] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.112.212.166/; sid:900611002; rev:1;) alert tcp $HOME_NET any -> [149.74.159.67] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.74.159.67/; sid:900611003; rev:1;) alert tcp $HOME_NET any -> [173.178.151.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.178.151.233/; sid:900611004; rev:1;) alert tcp $HOME_NET any -> [2.82.10.152] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.82.10.152/; sid:900611005; rev:1;) alert tcp $HOME_NET any -> [86.222.191.162] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.222.191.162/; sid:900611006; rev:1;) alert tcp $HOME_NET any -> [125.20.112.94] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.20.112.94/; sid:900611007; rev:1;) alert tcp $HOME_NET any -> [201.244.108.183] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.244.108.183/; sid:900611008; rev:1;) alert tcp $HOME_NET any -> [87.223.84.92] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.223.84.92/; sid:900611009; rev:1;) alert tcp $HOME_NET any -> [176.44.58.217] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.44.58.217/; sid:900611010; rev:1;) alert tcp $HOME_NET any -> [41.237.141.34] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.237.141.34/; sid:900611011; rev:1;) alert tcp $HOME_NET any -> [175.139.207.179] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.139.207.179/; sid:900611012; rev:1;) alert tcp $HOME_NET any -> [190.35.44.194] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.35.44.194/; sid:900611013; rev:1;) alert tcp $HOME_NET any -> [151.65.216.129] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.65.216.129/; sid:900611014; rev:1;) alert tcp $HOME_NET any -> [92.148.54.239] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.148.54.239/; sid:900611015; rev:1;) alert tcp $HOME_NET any -> [124.171.159.71] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.171.159.71/; sid:900611016; rev:1;) alert tcp $HOME_NET any -> [59.28.84.65] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.28.84.65/; sid:900611017; rev:1;) alert tcp $HOME_NET any -> [185.13.180.250] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.13.180.250/; sid:900611018; rev:1;) alert tcp $HOME_NET any -> [51.199.123.42] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.199.123.42/; sid:900611019; rev:1;) alert tcp $HOME_NET any -> [189.222.74.224] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.222.74.224/; sid:900611020; rev:1;) alert tcp $HOME_NET any -> [178.142.126.181] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.142.126.181/; sid:900611021; rev:1;) alert tcp $HOME_NET any -> [70.51.134.110] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.134.110/; sid:900611022; rev:1;) alert tcp $HOME_NET any -> [178.153.3.212] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.153.3.212/; sid:900611023; rev:1;) alert tcp $HOME_NET any -> [86.98.223.237] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.223.237/; sid:900611024; rev:1;) alert tcp $HOME_NET any -> [202.142.98.62] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.142.98.62/; sid:900611025; rev:1;) alert tcp $HOME_NET any -> [193.154.124.4] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.154.124.4/; sid:900611026; rev:1;) alert tcp $HOME_NET any -> [82.31.37.241] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.31.37.241/; sid:900611027; rev:1;) alert tcp $HOME_NET any -> [103.195.16.175] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.195.16.175/; sid:900611028; rev:1;) alert tcp $HOME_NET any -> [103.231.104.124] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.231.104.124/; sid:900611029; rev:1;) alert tcp $HOME_NET any -> [188.52.183.146] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.52.183.146/; sid:900611030; rev:1;) alert tcp $HOME_NET any -> [31.120.202.209] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.120.202.209/; sid:900611031; rev:1;) alert tcp $HOME_NET any -> [190.78.77.15] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.78.77.15/; sid:900611032; rev:1;) alert tcp $HOME_NET any -> [190.199.157.49] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.199.157.49/; sid:900611033; rev:1;) alert tcp $HOME_NET any -> [2.14.140.222] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.14.140.222/; sid:900611034; rev:1;) alert tcp $HOME_NET any -> [173.76.49.61] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.76.49.61/; sid:900611035; rev:1;) alert tcp $HOME_NET any -> [41.227.93.13] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.227.93.13/; sid:900611036; rev:1;) alert tcp $HOME_NET any -> [108.62.118.124] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.62.118.124/; sid:900611037; rev:1;) alert tcp $HOME_NET any -> [86.134.75.5] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.134.75.5/; sid:900611038; rev:1;) alert tcp $HOME_NET any -> [85.72.107.2] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.72.107.2/; sid:900611039; rev:1;) alert tcp $HOME_NET any -> [27.0.62.241] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.0.62.241/; sid:900611040; rev:1;) alert tcp $HOME_NET any -> [27.0.48.205] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.0.48.205/; sid:900611041; rev:1;) alert tcp $HOME_NET any -> [130.43.90.78] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.43.90.78/; sid:900611042; rev:1;) alert tcp $HOME_NET any -> [183.87.163.165] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.87.163.165/; sid:900611043; rev:1;) alert tcp $HOME_NET any -> [93.156.98.4] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.156.98.4/; sid:900611044; rev:1;) alert tcp $HOME_NET any -> [23.106.223.219] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.106.223.219/; sid:900611045; rev:1;) alert tcp $HOME_NET any -> [195.198.103.184] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.198.103.184/; sid:900611046; rev:1;) alert tcp $HOME_NET any -> [83.7.53.22] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.7.53.22/; sid:900611047; rev:1;) alert tcp $HOME_NET any -> [75.115.14.189] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.115.14.189/; sid:900611048; rev:1;) alert tcp $HOME_NET any -> [86.178.217.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.178.217.180/; sid:900611049; rev:1;) alert tcp $HOME_NET any -> [142.11.216.12] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.216.12/; sid:900611050; rev:1;) alert tcp $HOME_NET any -> [24.130.149.95] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.130.149.95/; sid:900611051; rev:1;) alert tcp $HOME_NET any -> [46.24.136.17] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.24.136.17/; sid:900611052; rev:1;) alert tcp $HOME_NET any -> [192.111.146.186] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.111.146.186/; sid:900611053; rev:1;) alert tcp $HOME_NET any -> [86.160.217.36] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.160.217.36/; sid:900611054; rev:1;) alert tcp $HOME_NET any -> [121.121.100.88] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.121.100.88/; sid:900611055; rev:1;) alert tcp $HOME_NET any -> [213.31.90.183] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.31.90.183/; sid:900611056; rev:1;) alert tcp $HOME_NET any -> [87.221.196.217] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.221.196.217/; sid:900611057; rev:1;) alert tcp $HOME_NET any -> [178.142.122.128] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.142.122.128/; sid:900611058; rev:1;) alert tcp $HOME_NET any -> [188.48.85.14] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.48.85.14/; sid:900611059; rev:1;) alert tcp $HOME_NET any -> [186.64.67.12] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.12/; sid:900611060; rev:1;) alert tcp $HOME_NET any -> [103.252.7.228] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.252.7.228/; sid:900611061; rev:1;) alert tcp $HOME_NET any -> [93.156.96.104] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.156.96.104/; sid:900611062; rev:1;) alert tcp $HOME_NET any -> [85.85.34.201] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.85.34.201/; sid:900611063; rev:1;) alert tcp $HOME_NET any -> [50.26.197.236] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.26.197.236/; sid:900611064; rev:1;) alert tcp $HOME_NET any -> [193.253.100.236] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.253.100.236/; sid:900611065; rev:1;) alert tcp $HOME_NET any -> [74.214.61.68] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.214.61.68/; sid:900611066; rev:1;) alert tcp $HOME_NET any -> [192.111.146.189] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.111.146.189/; sid:900611067; rev:1;) alert tcp $HOME_NET any -> [86.139.213.115] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.139.213.115/; sid:900611068; rev:1;) alert tcp $HOME_NET any -> [84.219.213.130] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.219.213.130/; sid:900611069; rev:1;) alert tcp $HOME_NET any -> [201.210.79.16] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.210.79.16/; sid:900611070; rev:1;) alert tcp $HOME_NET any -> [73.174.23.116] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.174.23.116/; sid:900611071; rev:1;) alert tcp $HOME_NET any -> [172.86.123.111] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.86.123.111/; sid:900611072; rev:1;) alert tcp $HOME_NET any -> [114.79.144.210] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.144.210/; sid:900611073; rev:1;) alert tcp $HOME_NET any -> [108.62.118.219] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.62.118.219/; sid:900611078; rev:1;) alert tcp $HOME_NET any -> [74.83.128.70] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.83.128.70/; sid:900611079; rev:1;) alert tcp $HOME_NET any -> [91.171.148.162] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.171.148.162/; sid:900611080; rev:1;) alert tcp $HOME_NET any -> [90.75.188.155] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.75.188.155/; sid:900611081; rev:1;) alert tcp $HOME_NET any -> [72.80.7.6] 50003 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.80.7.6/; sid:900611082; rev:1;) alert tcp $HOME_NET any -> [23.108.57.250] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.108.57.250/; sid:900611083; rev:1;) alert tcp $HOME_NET any -> [108.62.118.235] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.62.118.235/; sid:900611085; rev:1;) alert tcp $HOME_NET any -> [51.186.2.140] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.186.2.140/; sid:900611086; rev:1;) alert tcp $HOME_NET any -> [104.219.233.101] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.219.233.101/; sid:900611087; rev:1;) alert tcp $HOME_NET any -> [149.3.170.179] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.3.170.179/; sid:900611088; rev:1;) alert tcp $HOME_NET any -> [145.239.135.16] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.135.16/; sid:900611089; rev:1;) alert tcp $HOME_NET any -> [198.98.51.250] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.51.250/; sid:900611090; rev:1;) alert tcp $HOME_NET any -> [199.195.249.106] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.195.249.106/; sid:900611091; rev:1;) alert tcp $HOME_NET any -> [91.245.254.107] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.245.254.107/; sid:900611092; rev:1;) alert tcp $HOME_NET any -> [206.189.28.199] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.189.28.199/; sid:900611093; rev:1;) alert tcp $HOME_NET any -> [51.68.46.188] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.46.188/; sid:900611094; rev:1;) alert tcp $HOME_NET any -> [142.93.76.76] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.76.76/; sid:900611095; rev:1;) alert tcp $HOME_NET any -> [165.227.211.222] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.211.222/; sid:900611096; rev:1;) alert tcp $HOME_NET any -> [103.123.45.141] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.123.45.141/; sid:900611097; rev:1;) alert tcp $HOME_NET any -> [143.110.188.74] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.110.188.74/; sid:900611098; rev:1;) alert tcp $HOME_NET any -> [89.44.9.204] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.44.9.204/; sid:900611099; rev:1;) alert tcp $HOME_NET any -> [192.198.82.51] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.198.82.51/; sid:900611100; rev:1;) alert tcp $HOME_NET any -> [51.83.252.171] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.252.171/; sid:900611101; rev:1;) alert tcp $HOME_NET any -> [142.11.194.198] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.194.198/; sid:900611102; rev:1;) alert tcp $HOME_NET any -> [146.19.173.141] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.141/; sid:900611103; rev:1;) alert tcp $HOME_NET any -> [82.15.58.109] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.15.58.109/; sid:900611104; rev:1;) alert tcp $HOME_NET any -> [87.10.205.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.10.205.117/; sid:900611105; rev:1;) alert tcp $HOME_NET any -> [87.56.238.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.56.238.53/; sid:900611106; rev:1;) alert tcp $HOME_NET any -> [92.8.190.175] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.8.190.175/; sid:900611107; rev:1;) alert tcp $HOME_NET any -> [121.121.100.207] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.121.100.207/; sid:900611108; rev:1;) alert tcp $HOME_NET any -> [69.159.158.183] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.159.158.183/; sid:900611109; rev:1;) alert tcp $HOME_NET any -> [130.43.172.217] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.43.172.217/; sid:900611110; rev:1;) alert tcp $HOME_NET any -> [206.188.201.143] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.188.201.143/; sid:900611111; rev:1;) alert tcp $HOME_NET any -> [98.175.176.254] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.175.176.254/; sid:900611112; rev:1;) alert tcp $HOME_NET any -> [87.221.197.113] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.221.197.113/; sid:900611113; rev:1;) alert tcp $HOME_NET any -> [200.109.207.186] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.109.207.186/; sid:900611114; rev:1;) alert tcp $HOME_NET any -> [87.223.87.126] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.223.87.126/; sid:900611115; rev:1;) alert tcp $HOME_NET any -> [47.21.51.138] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.21.51.138/; sid:900611116; rev:1;) alert tcp $HOME_NET any -> [82.121.195.187] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.121.195.187/; sid:900611117; rev:1;) alert tcp $HOME_NET any -> [86.130.9.182] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.182/; sid:900611118; rev:1;) alert tcp $HOME_NET any -> [181.118.183.2] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.2/; sid:900611119; rev:1;) alert tcp $HOME_NET any -> [91.231.173.199] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.231.173.199/; sid:900611120; rev:1;) alert tcp $HOME_NET any -> [175.139.129.94] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.139.129.94/; sid:900611121; rev:1;) alert tcp $HOME_NET any -> [86.96.72.139] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.96.72.139/; sid:900611122; rev:1;) alert tcp $HOME_NET any -> [151.65.168.222] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.65.168.222/; sid:900611123; rev:1;) alert tcp $HOME_NET any -> [86.194.156.14] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.194.156.14/; sid:900611124; rev:1;) alert tcp $HOME_NET any -> [47.61.70.188] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.61.70.188/; sid:900611125; rev:1;) alert tcp $HOME_NET any -> [176.202.38.188] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.202.38.188/; sid:900611126; rev:1;) alert tcp $HOME_NET any -> [31.53.29.161] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.29.161/; sid:900611127; rev:1;) alert tcp $HOME_NET any -> [119.82.122.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.82.122.226/; sid:900611128; rev:1;) alert tcp $HOME_NET any -> [5.163.163.51] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.163.163.51/; sid:900611129; rev:1;) alert tcp $HOME_NET any -> [102.156.154.112] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.154.112/; sid:900611130; rev:1;) alert tcp $HOME_NET any -> [156.217.247.173] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.217.247.173/; sid:900611131; rev:1;) alert tcp $HOME_NET any -> [107.146.12.26] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.146.12.26/; sid:900611132; rev:1;) alert tcp $HOME_NET any -> [192.111.146.181] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.111.146.181/; sid:900611133; rev:1;) alert tcp $HOME_NET any -> [192.236.161.50] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.161.50/; sid:900611134; rev:1;) alert tcp $HOME_NET any -> [86.151.21.134] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.151.21.134/; sid:900611135; rev:1;) alert tcp $HOME_NET any -> [86.207.227.152] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.207.227.152/; sid:900611136; rev:1;) alert tcp $HOME_NET any -> [103.42.86.246] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.42.86.246/; sid:900611137; rev:1;) alert tcp $HOME_NET any -> [114.143.176.234] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.143.176.234/; sid:900611138; rev:1;) alert tcp $HOME_NET any -> [171.97.42.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.97.42.67/; sid:900611139; rev:1;) alert tcp $HOME_NET any -> [109.159.119.95] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.159.119.95/; sid:900611140; rev:1;) alert tcp $HOME_NET any -> [45.61.187.123] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.61.187.123/; sid:900611141; rev:1;) alert tcp $HOME_NET any -> [198.98.48.231] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.48.231/; sid:900611142; rev:1;) alert tcp $HOME_NET any -> [62.113.238.72] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.113.238.72/; sid:900611143; rev:1;) alert tcp $HOME_NET any -> [95.94.41.77] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.94.41.77/; sid:900611144; rev:1;) alert tcp $HOME_NET any -> [91.82.5.101] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.82.5.101/; sid:900611145; rev:1;) alert tcp $HOME_NET any -> [50.60.157.175] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.60.157.175/; sid:900611146; rev:1;) alert tcp $HOME_NET any -> [24.64.112.40] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.64.112.40/; sid:900611147; rev:1;) alert tcp $HOME_NET any -> [105.186.138.165] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.138.165/; sid:900611148; rev:1;) alert tcp $HOME_NET any -> [116.72.250.18] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.72.250.18/; sid:900611149; rev:1;) alert tcp $HOME_NET any -> [143.159.167.231] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.159.167.231/; sid:900611150; rev:1;) alert tcp $HOME_NET any -> [92.136.182.108] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.136.182.108/; sid:900611151; rev:1;) alert tcp $HOME_NET any -> [81.151.102.224] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.151.102.224/; sid:900611152; rev:1;) alert tcp $HOME_NET any -> [76.93.147.187] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.93.147.187/; sid:900611153; rev:1;) alert tcp $HOME_NET any -> [79.9.64.37] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.9.64.37/; sid:900611154; rev:1;) alert tcp $HOME_NET any -> [24.64.112.40] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.64.112.40/; sid:900611155; rev:1;) alert tcp $HOME_NET any -> [93.238.63.3] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.238.63.3/; sid:900611156; rev:1;) alert tcp $HOME_NET any -> [47.196.203.73] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.196.203.73/; sid:900611157; rev:1;) alert tcp $HOME_NET any -> [68.150.18.161] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.150.18.161/; sid:900611158; rev:1;) alert tcp $HOME_NET any -> [102.158.37.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.158.37.226/; sid:900611159; rev:1;) alert tcp $HOME_NET any -> [103.144.201.53] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.201.53/; sid:900611160; rev:1;) alert tcp $HOME_NET any -> [190.199.188.186] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.199.188.186/; sid:900611161; rev:1;) alert tcp $HOME_NET any -> [156.217.208.137] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.217.208.137/; sid:900611162; rev:1;) alert tcp $HOME_NET any -> [93.156.100.20] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.156.100.20/; sid:900611163; rev:1;) alert tcp $HOME_NET any -> [50.68.186.195] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.68.186.195/; sid:900611164; rev:1;) alert tcp $HOME_NET any -> [102.158.206.194] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.158.206.194/; sid:900611165; rev:1;) alert tcp $HOME_NET any -> [108.2.111.66] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.2.111.66/; sid:900611166; rev:1;) alert tcp $HOME_NET any -> [45.84.240.87] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.84.240.87/; sid:900611167; rev:1;) alert tcp $HOME_NET any -> [83.202.26.241] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.202.26.241/; sid:900611168; rev:1;) alert tcp $HOME_NET any -> [86.250.12.217] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.250.12.217/; sid:900611169; rev:1;) alert tcp $HOME_NET any -> [86.196.12.21] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.196.12.21/; sid:900611170; rev:1;) alert tcp $HOME_NET any -> [24.123.211.131] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.123.211.131/; sid:900611171; rev:1;) alert tcp $HOME_NET any -> [103.12.133.134] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.12.133.134/; sid:900611172; rev:1;) alert tcp $HOME_NET any -> [190.249.231.121] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.249.231.121/; sid:900611173; rev:1;) alert tcp $HOME_NET any -> [161.142.104.187] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.104.187/; sid:900611174; rev:1;) alert tcp $HOME_NET any -> [84.108.200.161] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.108.200.161/; sid:900611175; rev:1;) alert tcp $HOME_NET any -> [88.169.33.180] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.169.33.180/; sid:900611176; rev:1;) alert tcp $HOME_NET any -> [94.70.92.137] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.70.92.137/; sid:900611177; rev:1;) alert tcp $HOME_NET any -> [86.165.225.227] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.165.225.227/; sid:900611178; rev:1;) alert tcp $HOME_NET any -> [109.159.118.60] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.159.118.60/; sid:900611179; rev:1;) alert tcp $HOME_NET any -> [104.35.24.154] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.35.24.154/; sid:900611180; rev:1;) alert tcp $HOME_NET any -> [197.14.77.92] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.14.77.92/; sid:900611181; rev:1;) alert tcp $HOME_NET any -> [190.191.35.122] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.191.35.122/; sid:900611182; rev:1;) alert tcp $HOME_NET any -> [202.186.177.88] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.186.177.88/; sid:900611183; rev:1;) alert tcp $HOME_NET any -> [91.170.115.68] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.170.115.68/; sid:900611184; rev:1;) alert tcp $HOME_NET any -> [92.11.194.53] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.11.194.53/; sid:900611185; rev:1;) alert tcp $HOME_NET any -> [88.126.112.14] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.126.112.14/; sid:900611186; rev:1;) alert tcp $HOME_NET any -> [45.50.233.214] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.50.233.214/; sid:900611187; rev:1;) alert tcp $HOME_NET any -> [142.119.127.214] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.119.127.214/; sid:900611188; rev:1;) alert tcp $HOME_NET any -> [217.165.235.126] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.235.126/; sid:900611189; rev:1;) alert tcp $HOME_NET any -> [23.251.92.57] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.251.92.57/; sid:900611190; rev:1;) alert tcp $HOME_NET any -> [24.64.112.40] 50010 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.64.112.40/; sid:900611191; rev:1;) alert tcp $HOME_NET any -> [86.172.79.135] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.172.79.135/; sid:900611192; rev:1;) alert tcp $HOME_NET any -> [49.245.127.223] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.245.127.223/; sid:900611193; rev:1;) alert tcp $HOME_NET any -> [82.127.204.82] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.127.204.82/; sid:900611194; rev:1;) alert tcp $HOME_NET any -> [78.130.215.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.130.215.67/; sid:900611195; rev:1;) alert tcp $HOME_NET any -> [97.116.78.96] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.116.78.96/; sid:900611196; rev:1;) alert tcp $HOME_NET any -> [64.237.207.9] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.237.207.9/; sid:900611197; rev:1;) alert tcp $HOME_NET any -> [194.166.90.227] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.166.90.227/; sid:900611198; rev:1;) alert tcp $HOME_NET any -> [183.82.112.209] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.112.209/; sid:900611199; rev:1;) alert tcp $HOME_NET any -> [189.222.55.8] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.222.55.8/; sid:900611200; rev:1;) alert tcp $HOME_NET any -> [86.161.143.7] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.161.143.7/; sid:900611201; rev:1;) alert tcp $HOME_NET any -> [72.188.121.121] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.188.121.121/; sid:900611202; rev:1;) alert tcp $HOME_NET any -> [103.169.83.89] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.169.83.89/; sid:900611203; rev:1;) alert tcp $HOME_NET any -> [99.254.167.145] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.254.167.145/; sid:900611204; rev:1;) alert tcp $HOME_NET any -> [105.99.105.0] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.99.105.0/; sid:900611205; rev:1;) alert tcp $HOME_NET any -> [51.75.63.193] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.63.193/; sid:900611206; rev:1;) alert tcp $HOME_NET any -> [209.142.97.83] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.142.97.83/; sid:900611207; rev:1;) alert tcp $HOME_NET any -> [76.64.202.88] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.64.202.88/; sid:900611208; rev:1;) alert tcp $HOME_NET any -> [90.78.51.182] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.78.51.182/; sid:900611209; rev:1;) alert tcp $HOME_NET any -> [180.158.187.35] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.158.187.35/; sid:900611210; rev:1;) alert tcp $HOME_NET any -> [125.99.69.178] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.99.69.178/; sid:900611211; rev:1;) alert tcp $HOME_NET any -> [78.16.206.181] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.16.206.181/; sid:900611213; rev:1;) alert tcp $HOME_NET any -> [182.180.105.242] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.180.105.242/; sid:900611214; rev:1;) alert tcp $HOME_NET any -> [86.130.9.197] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.197/; sid:900611215; rev:1;) alert tcp $HOME_NET any -> [14.202.223.107] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.202.223.107/; sid:900611216; rev:1;) alert tcp $HOME_NET any -> [102.156.32.143] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.32.143/; sid:900611217; rev:1;) alert tcp $HOME_NET any -> [71.52.53.166] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.52.53.166/; sid:900611218; rev:1;) alert tcp $HOME_NET any -> [208.187.122.74] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.187.122.74/; sid:900611219; rev:1;) alert tcp $HOME_NET any -> [24.64.112.40] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.64.112.40/; sid:900611220; rev:1;) alert tcp $HOME_NET any -> [142.11.213.56] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.213.56/; sid:900611221; rev:1;) alert tcp $HOME_NET any -> [62.113.238.73] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.113.238.73/; sid:900611222; rev:1;) alert tcp $HOME_NET any -> [195.20.17.233] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.20.17.233/; sid:900611223; rev:1;) alert tcp $HOME_NET any -> [109.149.147.148] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.149.147.148/; sid:900611224; rev:1;) alert tcp $HOME_NET any -> [197.204.236.174] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.204.236.174/; sid:900611225; rev:1;) alert tcp $HOME_NET any -> [217.165.186.116] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.186.116/; sid:900611226; rev:1;) alert tcp $HOME_NET any -> [2.14.144.105] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.14.144.105/; sid:900611227; rev:1;) alert tcp $HOME_NET any -> [145.239.30.242] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.30.242/; sid:900611228; rev:1;) alert tcp $HOME_NET any -> [83.7.52.16] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.7.52.16/; sid:900611229; rev:1;) alert tcp $HOME_NET any -> [146.19.173.25] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.25/; sid:900611230; rev:1;) alert tcp $HOME_NET any -> [23.108.57.79] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.108.57.79/; sid:900611231; rev:1;) alert tcp $HOME_NET any -> [47.6.243.7] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.6.243.7/; sid:900611232; rev:1;) alert tcp $HOME_NET any -> [146.70.149.32] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.149.32/; sid:900611233; rev:1;) alert tcp $HOME_NET any -> [165.22.230.183] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.22.230.183/; sid:900611234; rev:1;) alert tcp $HOME_NET any -> [103.161.172.109] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.161.172.109/; sid:900611235; rev:1;) alert tcp $HOME_NET any -> [128.199.24.148] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.24.148/; sid:900611236; rev:1;) alert tcp $HOME_NET any -> [188.44.20.25] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.44.20.25/; sid:900611237; rev:1;) alert tcp $HOME_NET any -> [119.59.103.152] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.59.103.152/; sid:900611238; rev:1;) alert tcp $HOME_NET any -> [172.104.251.154] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.104.251.154/; sid:900611239; rev:1;) alert tcp $HOME_NET any -> [45.235.8.30] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.235.8.30/; sid:900611240; rev:1;) alert tcp $HOME_NET any -> [116.86.252.13] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.86.252.13/; sid:900611241; rev:1;) alert tcp $HOME_NET any -> [89.32.158.118] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.158.118/; sid:900611242; rev:1;) alert tcp $HOME_NET any -> [92.177.204.2] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.177.204.2/; sid:900611243; rev:1;) alert tcp $HOME_NET any -> [87.149.176.97] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.149.176.97/; sid:900611244; rev:1;) alert tcp $HOME_NET any -> [24.239.69.244] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.239.69.244/; sid:900611245; rev:1;) alert tcp $HOME_NET any -> [45.72.110.133] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.72.110.133/; sid:900611246; rev:1;) alert tcp $HOME_NET any -> [47.149.95.10] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.149.95.10/; sid:900611247; rev:1;) alert tcp $HOME_NET any -> [70.27.104.2] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.27.104.2/; sid:900611248; rev:1;) alert tcp $HOME_NET any -> [100.10.72.114] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.10.72.114/; sid:900611249; rev:1;) alert tcp $HOME_NET any -> [92.8.191.120] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.8.191.120/; sid:900611250; rev:1;) alert tcp $HOME_NET any -> [47.21.51.138] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.21.51.138/; sid:900611251; rev:1;) alert tcp $HOME_NET any -> [24.64.112.40] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.64.112.40/; sid:900611252; rev:1;) alert tcp $HOME_NET any -> [72.203.216.98] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.203.216.98/; sid:900611253; rev:1;) alert tcp $HOME_NET any -> [200.84.210.63] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.84.210.63/; sid:900611254; rev:1;) alert tcp $HOME_NET any -> [109.149.147.177] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.149.147.177/; sid:900611255; rev:1;) alert tcp $HOME_NET any -> [195.20.17.76] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.20.17.76/; sid:900611256; rev:1;) alert tcp $HOME_NET any -> [2.82.8.80] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.82.8.80/; sid:900611257; rev:1;) alert tcp $HOME_NET any -> [201.211.197.241] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.211.197.241/; sid:900611258; rev:1;) alert tcp $HOME_NET any -> [105.184.103.182] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.103.182/; sid:900611259; rev:1;) alert tcp $HOME_NET any -> [188.49.124.57] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.49.124.57/; sid:900611260; rev:1;) alert tcp $HOME_NET any -> [90.92.177.180] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.92.177.180/; sid:900611261; rev:1;) alert tcp $HOME_NET any -> [86.208.35.220] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.208.35.220/; sid:900611262; rev:1;) alert tcp $HOME_NET any -> [220.245.150.33] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.245.150.33/; sid:900611263; rev:1;) alert tcp $HOME_NET any -> [202.29.237.114] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.29.237.114/; sid:900611264; rev:1;) alert tcp $HOME_NET any -> [116.75.63.125] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.75.63.125/; sid:900611265; rev:1;) alert tcp $HOME_NET any -> [103.42.86.238] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.42.86.238/; sid:900611266; rev:1;) alert tcp $HOME_NET any -> [103.123.221.16] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.123.221.16/; sid:900611267; rev:1;) alert tcp $HOME_NET any -> [103.231.216.238] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.231.216.238/; sid:900611268; rev:1;) alert tcp $HOME_NET any -> [114.79.180.14] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.180.14/; sid:900611269; rev:1;) alert tcp $HOME_NET any -> [86.236.114.212] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.236.114.212/; sid:900611270; rev:1;) alert tcp $HOME_NET any -> [64.130.78.191] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.130.78.191/; sid:900611271; rev:1;) alert tcp $HOME_NET any -> [86.182.184.130] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.182.184.130/; sid:900611272; rev:1;) alert tcp $HOME_NET any -> [174.68.148.189] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.68.148.189/; sid:900611273; rev:1;) alert tcp $HOME_NET any -> [88.111.182.118] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.111.182.118/; sid:900611274; rev:1;) alert tcp $HOME_NET any -> [50.20.171.2] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.20.171.2/; sid:900611275; rev:1;) alert tcp $HOME_NET any -> [46.24.103.218] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.24.103.218/; sid:900611276; rev:1;) alert tcp $HOME_NET any -> [2.88.198.90] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.88.198.90/; sid:900611277; rev:1;) alert tcp $HOME_NET any -> [216.228.41.244] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.228.41.244/; sid:900611278; rev:1;) alert tcp $HOME_NET any -> [75.166.241.189] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.166.241.189/; sid:900611279; rev:1;) alert tcp $HOME_NET any -> [35.143.97.145] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/35.143.97.145/; sid:900611280; rev:1;) alert tcp $HOME_NET any -> [105.99.109.4] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.99.109.4/; sid:900611281; rev:1;) alert tcp $HOME_NET any -> [76.27.40.189] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.27.40.189/; sid:900611282; rev:1;) alert tcp $HOME_NET any -> [86.147.63.40] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.147.63.40/; sid:900611283; rev:1;) alert tcp $HOME_NET any -> [73.161.178.173] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.161.178.173/; sid:900611284; rev:1;) alert tcp $HOME_NET any -> [47.32.78.150] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.32.78.150/; sid:900611285; rev:1;) alert tcp $HOME_NET any -> [72.194.232.94] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.194.232.94/; sid:900611286; rev:1;) alert tcp $HOME_NET any -> [142.118.243.5] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.118.243.5/; sid:900611287; rev:1;) alert tcp $HOME_NET any -> [70.51.132.216] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.132.216/; sid:900611288; rev:1;) alert tcp $HOME_NET any -> [188.116.62.165] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.116.62.165/; sid:900611289; rev:1;) alert tcp $HOME_NET any -> [24.187.145.201] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.187.145.201/; sid:900611290; rev:1;) alert tcp $HOME_NET any -> [190.28.90.2] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.28.90.2/; sid:900611291; rev:1;) alert tcp $HOME_NET any -> [65.92.222.42] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.92.222.42/; sid:900611292; rev:1;) alert tcp $HOME_NET any -> [205.185.113.34] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.185.113.34/; sid:900611293; rev:1;) alert tcp $HOME_NET any -> [83.7.54.170] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.7.54.170/; sid:900611294; rev:1;) alert tcp $HOME_NET any -> [172.86.120.111] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.86.120.111/; sid:900611295; rev:1;) alert tcp $HOME_NET any -> [23.254.167.63] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.254.167.63/; sid:900611296; rev:1;) alert tcp $HOME_NET any -> [103.175.16.104] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.104/; sid:900611297; rev:1;) alert tcp $HOME_NET any -> [209.141.35.185] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.35.185/; sid:900611298; rev:1;) alert tcp $HOME_NET any -> [67.70.5.159] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.70.5.159/; sid:900611299; rev:1;) alert tcp $HOME_NET any -> [47.16.76.130] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.16.76.130/; sid:900611300; rev:1;) alert tcp $HOME_NET any -> [161.142.105.32] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.105.32/; sid:900611301; rev:1;) alert tcp $HOME_NET any -> [81.157.227.223] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.157.227.223/; sid:900611303; rev:1;) alert tcp $HOME_NET any -> [24.252.133.201] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.252.133.201/; sid:900611304; rev:1;) alert tcp $HOME_NET any -> [68.169.182.54] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.169.182.54/; sid:900611305; rev:1;) alert tcp $HOME_NET any -> [86.169.203.116] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.169.203.116/; sid:900611306; rev:1;) alert tcp $HOME_NET any -> [70.59.2.118] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.59.2.118/; sid:900611307; rev:1;) alert tcp $HOME_NET any -> [184.176.35.223] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.176.35.223/; sid:900611308; rev:1;) alert tcp $HOME_NET any -> [98.37.25.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.37.25.99/; sid:900611309; rev:1;) alert tcp $HOME_NET any -> [31.190.67.185] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.190.67.185/; sid:900611310; rev:1;) alert tcp $HOME_NET any -> [103.141.50.102] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.141.50.102/; sid:900611311; rev:1;) alert tcp $HOME_NET any -> [90.213.146.227] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.213.146.227/; sid:900611312; rev:1;) alert tcp $HOME_NET any -> [37.56.105.165] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.56.105.165/; sid:900611313; rev:1;) alert tcp $HOME_NET any -> [86.189.211.104] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.189.211.104/; sid:900611314; rev:1;) alert tcp $HOME_NET any -> [87.223.82.41] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.223.82.41/; sid:900611315; rev:1;) alert tcp $HOME_NET any -> [109.218.233.202] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.218.233.202/; sid:900611316; rev:1;) alert tcp $HOME_NET any -> [45.246.235.113] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.246.235.113/; sid:900611317; rev:1;) alert tcp $HOME_NET any -> [23.106.124.23] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.106.124.23/; sid:900611318; rev:1;) alert tcp $HOME_NET any -> [2.13.73.146] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.13.73.146/; sid:900611319; rev:1;) alert tcp $HOME_NET any -> [23.81.246.22] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.81.246.22/; sid:900611320; rev:1;) alert tcp $HOME_NET any -> [87.221.215.41] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.221.215.41/; sid:900611321; rev:1;) alert tcp $HOME_NET any -> [122.184.143.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.184.143.82/; sid:900611322; rev:1;) alert tcp $HOME_NET any -> [190.206.75.58] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.206.75.58/; sid:900611323; rev:1;) alert tcp $HOME_NET any -> [86.130.9.232] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.232/; sid:900611324; rev:1;) alert tcp $HOME_NET any -> [151.65.224.211] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.65.224.211/; sid:900611325; rev:1;) alert tcp $HOME_NET any -> [67.187.130.101] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.187.130.101/; sid:900611326; rev:1;) alert tcp $HOME_NET any -> [68.108.122.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.108.122.180/; sid:900611327; rev:1;) alert tcp $HOME_NET any -> [23.106.223.182] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.106.223.182/; sid:900611328; rev:1;) alert tcp $HOME_NET any -> [161.142.107.68] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.107.68/; sid:900611329; rev:1;) alert tcp $HOME_NET any -> [103.252.7.231] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.252.7.231/; sid:900611330; rev:1;) alert tcp $HOME_NET any -> [2.50.48.213] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.48.213/; sid:900611331; rev:1;) alert tcp $HOME_NET any -> [103.123.223.76] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.123.223.76/; sid:900611332; rev:1;) alert tcp $HOME_NET any -> [23.106.223.197] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.106.223.197/; sid:900611333; rev:1;) alert tcp $HOME_NET any -> [51.68.144.43] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.144.43/; sid:900611334; rev:1;) alert tcp $HOME_NET any -> [95.168.191.134] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.168.191.134/; sid:900611335; rev:1;) alert tcp $HOME_NET any -> [107.189.8.58] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.189.8.58/; sid:900611336; rev:1;) alert tcp $HOME_NET any -> [146.19.173.86] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.86/; sid:900611337; rev:1;) alert tcp $HOME_NET any -> [104.168.157.253] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.157.253/; sid:900611338; rev:1;) alert tcp $HOME_NET any -> [104.168.171.159] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.171.159/; sid:900611339; rev:1;) alert tcp $HOME_NET any -> [160.20.147.91] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.20.147.91/; sid:900611340; rev:1;) alert tcp $HOME_NET any -> [185.227.82.15] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.227.82.15/; sid:900611341; rev:1;) alert tcp $HOME_NET any -> [192.236.161.44] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.161.44/; sid:900611342; rev:1;) alert tcp $HOME_NET any -> [95.168.191.248] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.168.191.248/; sid:900611343; rev:1;) alert tcp $HOME_NET any -> [185.173.34.35] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.173.34.35/; sid:900611344; rev:1;) alert tcp $HOME_NET any -> [173.234.155.246] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.234.155.246/; sid:900611345; rev:1;) alert tcp $HOME_NET any -> [103.144.139.146] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.139.146/; sid:900611346; rev:1;) alert tcp $HOME_NET any -> [23.106.223.222] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.106.223.222/; sid:900611347; rev:1;) alert tcp $HOME_NET any -> [86.202.48.142] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.202.48.142/; sid:900611348; rev:1;) alert tcp $HOME_NET any -> [188.83.248.76] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.83.248.76/; sid:900611349; rev:1;) alert tcp $HOME_NET any -> [79.67.165.149] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.67.165.149/; sid:900611350; rev:1;) alert tcp $HOME_NET any -> [147.219.4.194] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.219.4.194/; sid:900611351; rev:1;) alert tcp $HOME_NET any -> [89.32.157.195] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.157.195/; sid:900611352; rev:1;) alert tcp $HOME_NET any -> [86.138.7.220] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.138.7.220/; sid:900611353; rev:1;) alert tcp $HOME_NET any -> [31.53.29.145] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.29.145/; sid:900611354; rev:1;) alert tcp $HOME_NET any -> [64.237.185.60] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.237.185.60/; sid:900611355; rev:1;) alert tcp $HOME_NET any -> [197.26.145.223] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.26.145.223/; sid:900611356; rev:1;) alert tcp $HOME_NET any -> [98.163.227.79] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.163.227.79/; sid:900611357; rev:1;) alert tcp $HOME_NET any -> [103.42.86.110] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.42.86.110/; sid:900611358; rev:1;) alert tcp $HOME_NET any -> [146.70.29.237] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.29.237/; sid:900611359; rev:1;) alert tcp $HOME_NET any -> [109.150.179.236] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.150.179.236/; sid:900611361; rev:1;) alert tcp $HOME_NET any -> [65.190.242.244] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.190.242.244/; sid:900611362; rev:1;) alert tcp $HOME_NET any -> [41.230.174.134] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.230.174.134/; sid:900611363; rev:1;) alert tcp $HOME_NET any -> [93.156.99.48] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.156.99.48/; sid:900611364; rev:1;) alert tcp $HOME_NET any -> [47.149.78.242] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.149.78.242/; sid:900611365; rev:1;) alert tcp $HOME_NET any -> [156.216.125.255] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.216.125.255/; sid:900611366; rev:1;) alert tcp $HOME_NET any -> [46.27.231.50] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.27.231.50/; sid:900611367; rev:1;) alert tcp $HOME_NET any -> [82.212.115.188] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.212.115.188/; sid:900611368; rev:1;) alert tcp $HOME_NET any -> [205.164.227.222] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.164.227.222/; sid:900611369; rev:1;) alert tcp $HOME_NET any -> [188.49.125.169] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.49.125.169/; sid:900611370; rev:1;) alert tcp $HOME_NET any -> [95.255.60.223] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.255.60.223/; sid:900611371; rev:1;) alert tcp $HOME_NET any -> [190.11.198.75] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.11.198.75/; sid:900611372; rev:1;) alert tcp $HOME_NET any -> [66.35.126.223] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.35.126.223/; sid:900611373; rev:1;) alert tcp $HOME_NET any -> [86.128.15.66] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.128.15.66/; sid:900611374; rev:1;) alert tcp $HOME_NET any -> [181.164.217.211] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.217.211/; sid:900611375; rev:1;) alert tcp $HOME_NET any -> [41.228.236.143] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.228.236.143/; sid:900611376; rev:1;) alert tcp $HOME_NET any -> [104.168.175.78] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.175.78/; sid:900611377; rev:1;) alert tcp $HOME_NET any -> [80.3.209.218] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.3.209.218/; sid:900611378; rev:1;) alert tcp $HOME_NET any -> [76.64.202.44] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.64.202.44/; sid:900611379; rev:1;) alert tcp $HOME_NET any -> [194.135.33.182] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.135.33.182/; sid:900611380; rev:1;) alert tcp $HOME_NET any -> [124.122.56.144] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.122.56.144/; sid:900611381; rev:1;) alert tcp $HOME_NET any -> [2.50.137.46] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.137.46/; sid:900611382; rev:1;) alert tcp $HOME_NET any -> [92.97.197.177] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.97.197.177/; sid:900611383; rev:1;) alert tcp $HOME_NET any -> [94.3.71.196] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.3.71.196/; sid:900611384; rev:1;) alert tcp $HOME_NET any -> [51.75.62.204] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.62.204/; sid:900611385; rev:1;) alert tcp $HOME_NET any -> [109.49.52.108] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.49.52.108/; sid:900611386; rev:1;) alert tcp $HOME_NET any -> [83.7.53.157] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.7.53.157/; sid:900611387; rev:1;) alert tcp $HOME_NET any -> [72.80.94.230] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.80.94.230/; sid:900611388; rev:1;) alert tcp $HOME_NET any -> [86.188.32.131] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.188.32.131/; sid:900611389; rev:1;) alert tcp $HOME_NET any -> [91.206.178.204] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.206.178.204/; sid:900611390; rev:1;) alert tcp $HOME_NET any -> [85.74.149.3] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.74.149.3/; sid:900611391; rev:1;) alert tcp $HOME_NET any -> [210.84.30.161] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.84.30.161/; sid:900611392; rev:1;) alert tcp $HOME_NET any -> [78.218.230.28] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.218.230.28/; sid:900611393; rev:1;) alert tcp $HOME_NET any -> [94.105.123.142] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.105.123.142/; sid:900611394; rev:1;) alert tcp $HOME_NET any -> [108.62.118.170] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.62.118.170/; sid:900611395; rev:1;) alert tcp $HOME_NET any -> [23.108.57.201] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.108.57.201/; sid:900611396; rev:1;) alert tcp $HOME_NET any -> [108.62.141.20] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.62.141.20/; sid:900611397; rev:1;) alert tcp $HOME_NET any -> [91.206.178.234] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.206.178.234/; sid:900611398; rev:1;) alert tcp $HOME_NET any -> [209.140.8.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.140.8.70/; sid:900611399; rev:1;) alert tcp $HOME_NET any -> [172.93.193.3] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.93.193.3/; sid:900611400; rev:1;) alert tcp $HOME_NET any -> [194.135.33.184] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.135.33.184/; sid:900611401; rev:1;) alert tcp $HOME_NET any -> [198.98.58.184] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.58.184/; sid:900611402; rev:1;) alert tcp $HOME_NET any -> [205.185.114.241] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.185.114.241/; sid:900611403; rev:1;) alert tcp $HOME_NET any -> [77.124.6.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.124.6.149/; sid:900611404; rev:1;) alert tcp $HOME_NET any -> [92.17.122.33] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.17.122.33/; sid:900611405; rev:1;) alert tcp $HOME_NET any -> [180.151.108.14] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.151.108.14/; sid:900611406; rev:1;) alert tcp $HOME_NET any -> [86.176.144.213] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.176.144.213/; sid:900611407; rev:1;) alert tcp $HOME_NET any -> [89.32.159.192] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.159.192/; sid:900611408; rev:1;) alert tcp $HOME_NET any -> [190.11.198.74] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.11.198.74/; sid:900611409; rev:1;) alert tcp $HOME_NET any -> [119.155.227.81] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.155.227.81/; sid:900611410; rev:1;) alert tcp $HOME_NET any -> [2.50.47.74] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.47.74/; sid:900611411; rev:1;) alert tcp $HOME_NET any -> [49.245.82.178] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.245.82.178/; sid:900611412; rev:1;) alert tcp $HOME_NET any -> [108.190.203.42] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.190.203.42/; sid:900611413; rev:1;) alert tcp $HOME_NET any -> [86.130.9.146] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.146/; sid:900611414; rev:1;) alert tcp $HOME_NET any -> [197.0.251.32] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.0.251.32/; sid:900611415; rev:1;) alert tcp $HOME_NET any -> [217.165.1.53] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.1.53/; sid:900611416; rev:1;) alert tcp $HOME_NET any -> [116.74.164.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.74.164.67/; sid:900611417; rev:1;) alert tcp $HOME_NET any -> [31.166.48.125] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.166.48.125/; sid:900611418; rev:1;) alert tcp $HOME_NET any -> [72.188.103.221] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.188.103.221/; sid:900611419; rev:1;) alert tcp $HOME_NET any -> [98.22.28.34] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.22.28.34/; sid:900611420; rev:1;) alert tcp $HOME_NET any -> [114.92.98.210] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.92.98.210/; sid:900611421; rev:1;) alert tcp $HOME_NET any -> [202.187.232.161] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.187.232.161/; sid:900611422; rev:1;) alert tcp $HOME_NET any -> [103.111.70.115] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.111.70.115/; sid:900611423; rev:1;) alert tcp $HOME_NET any -> [103.111.70.115] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.111.70.115/; sid:900611424; rev:1;) alert tcp $HOME_NET any -> [194.135.33.85] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.135.33.85/; sid:900611425; rev:1;) alert tcp $HOME_NET any -> [107.189.5.17] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.189.5.17/; sid:900611426; rev:1;) alert tcp $HOME_NET any -> [209.141.40.19] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.40.19/; sid:900611427; rev:1;) alert tcp $HOME_NET any -> [142.182.109.233] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.182.109.233/; sid:900611428; rev:1;) alert tcp $HOME_NET any -> [37.28.157.29] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.28.157.29/; sid:900611429; rev:1;) alert tcp $HOME_NET any -> [51.68.145.171] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.145.171/; sid:900611430; rev:1;) alert tcp $HOME_NET any -> [104.168.140.145] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.140.145/; sid:900611431; rev:1;) alert tcp $HOME_NET any -> [192.119.72.133] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.72.133/; sid:900611432; rev:1;) alert tcp $HOME_NET any -> [74.58.71.237] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.58.71.237/; sid:900611433; rev:1;) alert tcp $HOME_NET any -> [95.242.101.251] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.242.101.251/; sid:900611434; rev:1;) alert tcp $HOME_NET any -> [190.75.95.164] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.75.95.164/; sid:900611435; rev:1;) alert tcp $HOME_NET any -> [80.47.57.131] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.47.57.131/; sid:900611436; rev:1;) alert tcp $HOME_NET any -> [46.10.198.107] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.10.198.107/; sid:900611437; rev:1;) alert tcp $HOME_NET any -> [68.173.170.110] 8443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.173.170.110/; sid:900611438; rev:1;) alert tcp $HOME_NET any -> [92.97.203.51] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.97.203.51/; sid:900611439; rev:1;) alert tcp $HOME_NET any -> [80.13.205.69] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.13.205.69/; sid:900611440; rev:1;) alert tcp $HOME_NET any -> [109.151.144.37] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.151.144.37/; sid:900611441; rev:1;) alert tcp $HOME_NET any -> [86.99.54.39] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.99.54.39/; sid:900611442; rev:1;) alert tcp $HOME_NET any -> [14.192.241.76] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.192.241.76/; sid:900611443; rev:1;) alert tcp $HOME_NET any -> [86.150.47.219] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.150.47.219/; sid:900611444; rev:1;) alert tcp $HOME_NET any -> [107.189.12.129] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.189.12.129/; sid:900611445; rev:1;) alert tcp $HOME_NET any -> [71.212.147.224] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.212.147.224/; sid:900611446; rev:1;) alert tcp $HOME_NET any -> [103.140.174.19] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.140.174.19/; sid:900611447; rev:1;) alert tcp $HOME_NET any -> [157.254.194.104] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.254.194.104/; sid:900611448; rev:1;) alert tcp $HOME_NET any -> [195.133.192.10] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.192.10/; sid:900611449; rev:1;) alert tcp $HOME_NET any -> [86.106.131.105] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.106.131.105/; sid:900611450; rev:1;) alert tcp $HOME_NET any -> [195.20.17.75] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.20.17.75/; sid:900611451; rev:1;) alert tcp $HOME_NET any -> [157.254.194.117] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.254.194.117/; sid:900611452; rev:1;) alert tcp $HOME_NET any -> [209.141.53.174] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.53.174/; sid:900611453; rev:1;) alert tcp $HOME_NET any -> [103.175.16.13] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.13/; sid:900611454; rev:1;) alert tcp $HOME_NET any -> [192.111.146.178] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.111.146.178/; sid:900611455; rev:1;) alert tcp $HOME_NET any -> [103.123.223.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.123.223.168/; sid:900611456; rev:1;) alert tcp $HOME_NET any -> [172.93.193.46] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.93.193.46/; sid:900611457; rev:1;) alert tcp $HOME_NET any -> [54.38.139.94] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.139.94/; sid:900611458; rev:1;) alert tcp $HOME_NET any -> [172.93.193.95] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.93.193.95/; sid:900611459; rev:1;) alert tcp $HOME_NET any -> [172.241.27.116] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.241.27.116/; sid:900611460; rev:1;) alert tcp $HOME_NET any -> [192.236.178.253] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.178.253/; sid:900611461; rev:1;) alert tcp $HOME_NET any -> [192.119.65.175] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.65.175/; sid:900611462; rev:1;) alert tcp $HOME_NET any -> [209.141.41.251] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.41.251/; sid:900611463; rev:1;) alert tcp $HOME_NET any -> [174.118.36.28] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.118.36.28/; sid:900611465; rev:1;) alert tcp $HOME_NET any -> [188.49.116.2] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.49.116.2/; sid:900611466; rev:1;) alert tcp $HOME_NET any -> [86.190.223.11] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.190.223.11/; sid:900611467; rev:1;) alert tcp $HOME_NET any -> [109.149.147.104] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.149.147.104/; sid:900611468; rev:1;) alert tcp $HOME_NET any -> [87.223.83.119] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.223.83.119/; sid:900611469; rev:1;) alert tcp $HOME_NET any -> [86.130.9.136] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.136/; sid:900611470; rev:1;) alert tcp $HOME_NET any -> [80.47.61.240] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.47.61.240/; sid:900611471; rev:1;) alert tcp $HOME_NET any -> [212.69.141.168] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.69.141.168/; sid:900611472; rev:1;) alert tcp $HOME_NET any -> [151.65.177.218] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.65.177.218/; sid:900611473; rev:1;) alert tcp $HOME_NET any -> [86.191.237.255] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.191.237.255/; sid:900611474; rev:1;) alert tcp $HOME_NET any -> [161.142.102.110] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.102.110/; sid:900611475; rev:1;) alert tcp $HOME_NET any -> [114.143.176.235] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.143.176.235/; sid:900611476; rev:1;) alert tcp $HOME_NET any -> [180.151.104.240] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.151.104.240/; sid:900611477; rev:1;) alert tcp $HOME_NET any -> [86.97.52.177] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.52.177/; sid:900611478; rev:1;) alert tcp $HOME_NET any -> [116.74.164.35] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.74.164.35/; sid:900611479; rev:1;) alert tcp $HOME_NET any -> [86.250.10.160] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.250.10.160/; sid:900611480; rev:1;) alert tcp $HOME_NET any -> [47.196.225.236] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.196.225.236/; sid:900611481; rev:1;) alert tcp $HOME_NET any -> [77.124.9.203] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.124.9.203/; sid:900611482; rev:1;) alert tcp $HOME_NET any -> [118.250.180.74] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.250.180.74/; sid:900611483; rev:1;) alert tcp $HOME_NET any -> [64.237.251.199] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.237.251.199/; sid:900611484; rev:1;) alert tcp $HOME_NET any -> [37.189.253.91] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.189.253.91/; sid:900611485; rev:1;) alert tcp $HOME_NET any -> [86.178.18.239] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.178.18.239/; sid:900611486; rev:1;) alert tcp $HOME_NET any -> [81.157.206.138] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.157.206.138/; sid:900611487; rev:1;) alert tcp $HOME_NET any -> [109.158.144.102] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.158.144.102/; sid:900611488; rev:1;) alert tcp $HOME_NET any -> [184.176.110.61] 61202 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.176.110.61/; sid:900611489; rev:1;) alert tcp $HOME_NET any -> [82.212.115.116] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.212.115.116/; sid:900611490; rev:1;) alert tcp $HOME_NET any -> [190.141.133.204] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.141.133.204/; sid:900611491; rev:1;) alert tcp $HOME_NET any -> [184.174.138.70] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.174.138.70/; sid:900611492; rev:1;) alert tcp $HOME_NET any -> [47.203.229.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.203.229.168/; sid:900611493; rev:1;) alert tcp $HOME_NET any -> [86.10.146.216] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.10.146.216/; sid:900611494; rev:1;) alert tcp $HOME_NET any -> [201.130.119.176] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.130.119.176/; sid:900611495; rev:1;) alert tcp $HOME_NET any -> [87.221.197.34] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.221.197.34/; sid:900611496; rev:1;) alert tcp $HOME_NET any -> [212.70.98.183] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.70.98.183/; sid:900611497; rev:1;) alert tcp $HOME_NET any -> [70.27.163.177] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.27.163.177/; sid:900611498; rev:1;) alert tcp $HOME_NET any -> [64.237.212.162] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.237.212.162/; sid:900611499; rev:1;) alert tcp $HOME_NET any -> [190.28.86.103] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.28.86.103/; sid:900611500; rev:1;) alert tcp $HOME_NET any -> [65.92.221.105] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.92.221.105/; sid:900611501; rev:1;) alert tcp $HOME_NET any -> [31.53.29.205] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.29.205/; sid:900611502; rev:1;) alert tcp $HOME_NET any -> [142.118.23.130] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.118.23.130/; sid:900611503; rev:1;) alert tcp $HOME_NET any -> [109.218.13.132] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.218.13.132/; sid:900611504; rev:1;) alert tcp $HOME_NET any -> [86.151.244.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.151.244.117/; sid:900611505; rev:1;) alert tcp $HOME_NET any -> [187.199.238.208] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.199.238.208/; sid:900611506; rev:1;) alert tcp $HOME_NET any -> [66.35.125.42] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.35.125.42/; sid:900611507; rev:1;) alert tcp $HOME_NET any -> [174.4.89.3] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.4.89.3/; sid:900611508; rev:1;) alert tcp $HOME_NET any -> [190.11.198.73] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.11.198.73/; sid:900611509; rev:1;) alert tcp $HOME_NET any -> [78.192.109.105] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.192.109.105/; sid:900611510; rev:1;) alert tcp $HOME_NET any -> [45.243.201.24] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.243.201.24/; sid:900611511; rev:1;) alert tcp $HOME_NET any -> [37.28.155.36] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.28.155.36/; sid:900611512; rev:1;) alert tcp $HOME_NET any -> [157.254.194.119] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.254.194.119/; sid:900611513; rev:1;) alert tcp $HOME_NET any -> [23.242.20.21] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.242.20.21/; sid:900611514; rev:1;) alert tcp $HOME_NET any -> [51.83.254.9] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.254.9/; sid:900611515; rev:1;) alert tcp $HOME_NET any -> [83.7.52.249] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.7.52.249/; sid:900611516; rev:1;) alert tcp $HOME_NET any -> [64.237.221.254] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.237.221.254/; sid:900611517; rev:1;) alert tcp $HOME_NET any -> [102.46.73.102] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.46.73.102/; sid:900611518; rev:1;) alert tcp $HOME_NET any -> [87.223.81.32] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.223.81.32/; sid:900611519; rev:1;) alert tcp $HOME_NET any -> [41.62.129.151] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.62.129.151/; sid:900611520; rev:1;) alert tcp $HOME_NET any -> [86.99.51.33] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.99.51.33/; sid:900611521; rev:1;) alert tcp $HOME_NET any -> [109.149.148.242] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.149.148.242/; sid:900611522; rev:1;) alert tcp $HOME_NET any -> [104.168.151.120] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.151.120/; sid:900611523; rev:1;) alert tcp $HOME_NET any -> [23.254.225.130] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.254.225.130/; sid:900611524; rev:1;) alert tcp $HOME_NET any -> [51.83.248.92] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.248.92/; sid:900611525; rev:1;) alert tcp $HOME_NET any -> [80.1.152.201] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.1.152.201/; sid:900611526; rev:1;) alert tcp $HOME_NET any -> [180.158.186.175] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.158.186.175/; sid:900611527; rev:1;) alert tcp $HOME_NET any -> [202.187.239.34] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.187.239.34/; sid:900611528; rev:1;) alert tcp $HOME_NET any -> [171.97.42.222] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.97.42.222/; sid:900611529; rev:1;) alert tcp $HOME_NET any -> [217.165.230.100] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.230.100/; sid:900611530; rev:1;) alert tcp $HOME_NET any -> [31.167.215.175] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.167.215.175/; sid:900611531; rev:1;) alert tcp $HOME_NET any -> [27.99.34.220] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.99.34.220/; sid:900611532; rev:1;) alert tcp $HOME_NET any -> [91.207.181.106] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.207.181.106/; sid:900611533; rev:1;) alert tcp $HOME_NET any -> [66.228.32.31] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.228.32.31/; sid:900611534; rev:1;) alert tcp $HOME_NET any -> [91.121.146.47] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.121.146.47/; sid:900611535; rev:1;) alert tcp $HOME_NET any -> [101.50.0.91] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.50.0.91/; sid:900611536; rev:1;) alert tcp $HOME_NET any -> [178.128.23.9] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.23.9/; sid:900611537; rev:1;) alert tcp $HOME_NET any -> [198.199.65.189] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.65.189/; sid:900611538; rev:1;) alert tcp $HOME_NET any -> [79.137.13.24] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.137.13.24/; sid:900611539; rev:1;) alert tcp $HOME_NET any -> [95.111.233.254] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.111.233.254/; sid:900611540; rev:1;) alert tcp $HOME_NET any -> [104.236.5.228] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.5.228/; sid:900611541; rev:1;) alert tcp $HOME_NET any -> [103.63.109.9] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.63.109.9/; sid:900611542; rev:1;) alert tcp $HOME_NET any -> [41.228.236.70] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.228.236.70/; sid:900611543; rev:1;) alert tcp $HOME_NET any -> [70.51.133.238] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.133.238/; sid:900611544; rev:1;) alert tcp $HOME_NET any -> [105.109.157.34] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.109.157.34/; sid:900611545; rev:1;) alert tcp $HOME_NET any -> [190.75.151.215] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.75.151.215/; sid:900611546; rev:1;) alert tcp $HOME_NET any -> [64.229.202.224] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.229.202.224/; sid:900611547; rev:1;) alert tcp $HOME_NET any -> [201.137.166.52] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.166.52/; sid:900611548; rev:1;) alert tcp $HOME_NET any -> [81.158.112.20] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.158.112.20/; sid:900611549; rev:1;) alert tcp $HOME_NET any -> [82.212.112.246] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.212.112.246/; sid:900611550; rev:1;) alert tcp $HOME_NET any -> [24.117.237.157] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.117.237.157/; sid:900611551; rev:1;) alert tcp $HOME_NET any -> [67.61.61.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.61.61.31/; sid:900611552; rev:1;) alert tcp $HOME_NET any -> [200.109.20.215] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.109.20.215/; sid:900611553; rev:1;) alert tcp $HOME_NET any -> [178.152.28.73] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.152.28.73/; sid:900611554; rev:1;) alert tcp $HOME_NET any -> [70.24.104.146] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.24.104.146/; sid:900611555; rev:1;) alert tcp $HOME_NET any -> [70.55.187.152] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.55.187.152/; sid:900611556; rev:1;) alert tcp $HOME_NET any -> [95.95.175.98] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.95.175.98/; sid:900611557; rev:1;) alert tcp $HOME_NET any -> [69.159.158.197] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.159.158.197/; sid:900611558; rev:1;) alert tcp $HOME_NET any -> [187.199.103.21] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.199.103.21/; sid:900611559; rev:1;) alert tcp $HOME_NET any -> [73.215.22.78] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.215.22.78/; sid:900611560; rev:1;) alert tcp $HOME_NET any -> [190.28.94.54] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.28.94.54/; sid:900611561; rev:1;) alert tcp $HOME_NET any -> [189.222.53.217] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.222.53.217/; sid:900611562; rev:1;) alert tcp $HOME_NET any -> [104.219.233.120] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.219.233.120/; sid:900611563; rev:1;) alert tcp $HOME_NET any -> [92.98.139.2] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.98.139.2/; sid:900611564; rev:1;) alert tcp $HOME_NET any -> [91.254.229.61] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.254.229.61/; sid:900611565; rev:1;) alert tcp $HOME_NET any -> [70.189.114.159] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.189.114.159/; sid:900611566; rev:1;) alert tcp $HOME_NET any -> [47.16.77.136] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.16.77.136/; sid:900611567; rev:1;) alert tcp $HOME_NET any -> [105.109.157.34] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.109.157.34/; sid:900611568; rev:1;) alert tcp $HOME_NET any -> [105.109.157.34] 990 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.109.157.34/; sid:900611569; rev:1;) alert tcp $HOME_NET any -> [146.19.173.34] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.34/; sid:900611570; rev:1;) alert tcp $HOME_NET any -> [195.133.192.103] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.192.103/; sid:900611571; rev:1;) alert tcp $HOME_NET any -> [212.46.38.231] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.46.38.231/; sid:900611572; rev:1;) alert tcp $HOME_NET any -> [209.141.48.117] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.48.117/; sid:900611573; rev:1;) alert tcp $HOME_NET any -> [92.159.173.52] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.159.173.52/; sid:900611574; rev:1;) alert tcp $HOME_NET any -> [136.175.69.147] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.175.69.147/; sid:900611575; rev:1;) alert tcp $HOME_NET any -> [212.70.107.156] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.70.107.156/; sid:900611576; rev:1;) alert tcp $HOME_NET any -> [2.50.50.227] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.50.227/; sid:900611577; rev:1;) alert tcp $HOME_NET any -> [103.123.223.121] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.123.223.121/; sid:900611578; rev:1;) alert tcp $HOME_NET any -> [69.164.228.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.164.228.175/; sid:900611579; rev:1;) alert tcp $HOME_NET any -> [190.218.125.145] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.218.125.145/; sid:900611580; rev:1;) alert tcp $HOME_NET any -> [190.90.233.69] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.90.233.69/; sid:900611581; rev:1;) alert tcp $HOME_NET any -> [151.48.158.236] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.48.158.236/; sid:900611582; rev:1;) alert tcp $HOME_NET any -> [49.175.72.156] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.175.72.156/; sid:900611583; rev:1;) alert tcp $HOME_NET any -> [115.87.227.49] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.87.227.49/; sid:900611584; rev:1;) alert tcp $HOME_NET any -> [202.187.95.12] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.187.95.12/; sid:900611585; rev:1;) alert tcp $HOME_NET any -> [51.77.41.141] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.41.141/; sid:900611586; rev:1;) alert tcp $HOME_NET any -> [51.83.250.168] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.250.168/; sid:900611587; rev:1;) alert tcp $HOME_NET any -> [145.239.31.136] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.31.136/; sid:900611588; rev:1;) alert tcp $HOME_NET any -> [91.235.234.107] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.234.107/; sid:900611589; rev:1;) alert tcp $HOME_NET any -> [185.123.53.173] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.123.53.173/; sid:900611590; rev:1;) alert tcp $HOME_NET any -> [193.109.120.71] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.109.120.71/; sid:900611591; rev:1;) alert tcp $HOME_NET any -> [195.20.17.210] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.20.17.210/; sid:900611592; rev:1;) alert tcp $HOME_NET any -> [104.168.171.97] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.171.97/; sid:900611593; rev:1;) alert tcp $HOME_NET any -> [149.255.35.163] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.255.35.163/; sid:900611594; rev:1;) alert tcp $HOME_NET any -> [149.255.35.138] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.255.35.138/; sid:900611595; rev:1;) alert tcp $HOME_NET any -> [186.64.67.3] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.3/; sid:900611596; rev:1;) alert tcp $HOME_NET any -> [47.61.70.76] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.61.70.76/; sid:900611597; rev:1;) alert tcp $HOME_NET any -> [217.165.232.217] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.232.217/; sid:900611598; rev:1;) alert tcp $HOME_NET any -> [86.166.76.246] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.166.76.246/; sid:900611599; rev:1;) alert tcp $HOME_NET any -> [70.53.96.223] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.53.96.223/; sid:900611600; rev:1;) alert tcp $HOME_NET any -> [212.70.98.141] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.70.98.141/; sid:900611601; rev:1;) alert tcp $HOME_NET any -> [200.84.195.17] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.84.195.17/; sid:900611602; rev:1;) alert tcp $HOME_NET any -> [105.186.191.24] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.191.24/; sid:900611603; rev:1;) alert tcp $HOME_NET any -> [31.166.152.157] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.166.152.157/; sid:900611604; rev:1;) alert tcp $HOME_NET any -> [2.49.58.47] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.49.58.47/; sid:900611605; rev:1;) alert tcp $HOME_NET any -> [83.7.55.212] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.7.55.212/; sid:900611606; rev:1;) alert tcp $HOME_NET any -> [202.187.87.178] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.187.87.178/; sid:900611607; rev:1;) alert tcp $HOME_NET any -> [201.249.12.75] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.249.12.75/; sid:900611608; rev:1;) alert tcp $HOME_NET any -> [92.20.204.198] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.20.204.198/; sid:900611609; rev:1;) alert tcp $HOME_NET any -> [180.162.231.210] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.162.231.210/; sid:900611610; rev:1;) alert tcp $HOME_NET any -> [122.184.143.84] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.184.143.84/; sid:900611611; rev:1;) alert tcp $HOME_NET any -> [64.237.245.195] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.237.245.195/; sid:900611612; rev:1;) alert tcp $HOME_NET any -> [94.200.183.66] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.200.183.66/; sid:900611613; rev:1;) alert tcp $HOME_NET any -> [78.19.1.3] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.19.1.3/; sid:900611614; rev:1;) alert tcp $HOME_NET any -> [103.123.223.144] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.123.223.144/; sid:900611615; rev:1;) alert tcp $HOME_NET any -> [178.153.2.76] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.153.2.76/; sid:900611616; rev:1;) alert tcp $HOME_NET any -> [39.55.251.26] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.55.251.26/; sid:900611617; rev:1;) alert tcp $HOME_NET any -> [86.165.156.39] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.165.156.39/; sid:900611618; rev:1;) alert tcp $HOME_NET any -> [90.55.105.42] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.55.105.42/; sid:900611619; rev:1;) alert tcp $HOME_NET any -> [31.104.18.253] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.104.18.253/; sid:900611620; rev:1;) alert tcp $HOME_NET any -> [138.197.14.67] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.14.67/; sid:900611621; rev:1;) alert tcp $HOME_NET any -> [93.84.115.205] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.84.115.205/; sid:900611622; rev:1;) alert tcp $HOME_NET any -> [92.1.170.110] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.1.170.110/; sid:900611623; rev:1;) alert tcp $HOME_NET any -> [80.42.186.99] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.42.186.99/; sid:900611624; rev:1;) alert tcp $HOME_NET any -> [71.65.145.108] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.65.145.108/; sid:900611625; rev:1;) alert tcp $HOME_NET any -> [46.10.198.134] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.10.198.134/; sid:900611626; rev:1;) alert tcp $HOME_NET any -> [24.178.201.230] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.178.201.230/; sid:900611627; rev:1;) alert tcp $HOME_NET any -> [84.216.198.124] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.216.198.124/; sid:900611628; rev:1;) alert tcp $HOME_NET any -> [102.159.236.172] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.159.236.172/; sid:900611629; rev:1;) alert tcp $HOME_NET any -> [174.21.72.135] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.21.72.135/; sid:900611630; rev:1;) alert tcp $HOME_NET any -> [176.202.46.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.202.46.81/; sid:900611631; rev:1;) alert tcp $HOME_NET any -> [37.186.55.60] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.186.55.60/; sid:900611632; rev:1;) alert tcp $HOME_NET any -> [186.64.67.54] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.54/; sid:900611633; rev:1;) alert tcp $HOME_NET any -> [197.14.148.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.14.148.149/; sid:900611634; rev:1;) alert tcp $HOME_NET any -> [78.196.246.32] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.196.246.32/; sid:900611635; rev:1;) alert tcp $HOME_NET any -> [86.130.9.213] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.213/; sid:900611636; rev:1;) alert tcp $HOME_NET any -> [201.137.185.109] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.185.109/; sid:900611637; rev:1;) alert tcp $HOME_NET any -> [190.75.139.66] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.75.139.66/; sid:900611638; rev:1;) alert tcp $HOME_NET any -> [178.175.187.254] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.175.187.254/; sid:900611639; rev:1;) alert tcp $HOME_NET any -> [2.14.105.160] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.14.105.160/; sid:900611640; rev:1;) alert tcp $HOME_NET any -> [23.251.92.171] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.251.92.171/; sid:900611641; rev:1;) alert tcp $HOME_NET any -> [31.48.18.52] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.48.18.52/; sid:900611642; rev:1;) alert tcp $HOME_NET any -> [190.28.116.106] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.28.116.106/; sid:900611643; rev:1;) alert tcp $HOME_NET any -> [86.178.33.20] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.178.33.20/; sid:900611644; rev:1;) alert tcp $HOME_NET any -> [65.94.87.200] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.94.87.200/; sid:900611645; rev:1;) alert tcp $HOME_NET any -> [23.254.161.46] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.254.161.46/; sid:900611646; rev:1;) alert tcp $HOME_NET any -> [65.95.49.237] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.95.49.237/; sid:900611647; rev:1;) alert tcp $HOME_NET any -> [186.48.181.17] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.48.181.17/; sid:900611648; rev:1;) alert tcp $HOME_NET any -> [196.70.212.80] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.70.212.80/; sid:900611649; rev:1;) alert tcp $HOME_NET any -> [67.248.21.32] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.248.21.32/; sid:900611650; rev:1;) alert tcp $HOME_NET any -> [49.175.72.7] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.175.72.7/; sid:900611651; rev:1;) alert tcp $HOME_NET any -> [47.16.77.194] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.16.77.194/; sid:900611652; rev:1;) alert tcp $HOME_NET any -> [220.77.183.218] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.77.183.218/; sid:900611653; rev:1;) alert tcp $HOME_NET any -> [217.165.247.145] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.247.145/; sid:900611654; rev:1;) alert tcp $HOME_NET any -> [188.176.171.3] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.176.171.3/; sid:900611655; rev:1;) alert tcp $HOME_NET any -> [80.12.88.148] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.12.88.148/; sid:900611656; rev:1;) alert tcp $HOME_NET any -> [88.122.133.88] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.122.133.88/; sid:900611657; rev:1;) alert tcp $HOME_NET any -> [85.84.119.210] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.84.119.210/; sid:900611658; rev:1;) alert tcp $HOME_NET any -> [89.32.159.107] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.159.107/; sid:900611659; rev:1;) alert tcp $HOME_NET any -> [76.71.137.91] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.71.137.91/; sid:900611660; rev:1;) alert tcp $HOME_NET any -> [45.243.162.199] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.243.162.199/; sid:900611661; rev:1;) alert tcp $HOME_NET any -> [66.35.125.114] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.35.125.114/; sid:900611662; rev:1;) alert tcp $HOME_NET any -> [173.185.50.218] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.185.50.218/; sid:900611663; rev:1;) alert tcp $HOME_NET any -> [31.190.219.141] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.190.219.141/; sid:900611664; rev:1;) alert tcp $HOME_NET any -> [45.61.187.225] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.61.187.225/; sid:900611665; rev:1;) alert tcp $HOME_NET any -> [82.127.172.214] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.127.172.214/; sid:900611666; rev:1;) alert tcp $HOME_NET any -> [122.184.143.85] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.184.143.85/; sid:900611667; rev:1;) alert tcp $HOME_NET any -> [201.171.239.42] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.171.239.42/; sid:900611668; rev:1;) alert tcp $HOME_NET any -> [87.220.204.179] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.220.204.179/; sid:900611669; rev:1;) alert tcp $HOME_NET any -> [68.109.240.71] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.109.240.71/; sid:900611670; rev:1;) alert tcp $HOME_NET any -> [78.16.156.188] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.16.156.188/; sid:900611671; rev:1;) alert tcp $HOME_NET any -> [197.14.217.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.14.217.175/; sid:900611672; rev:1;) alert tcp $HOME_NET any -> [41.227.92.194] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.227.92.194/; sid:900611673; rev:1;) alert tcp $HOME_NET any -> [67.193.6.69] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.193.6.69/; sid:900611674; rev:1;) alert tcp $HOME_NET any -> [103.123.223.132] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.123.223.132/; sid:900611675; rev:1;) alert tcp $HOME_NET any -> [151.65.134.135] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.65.134.135/; sid:900611676; rev:1;) alert tcp $HOME_NET any -> [109.218.83.111] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.218.83.111/; sid:900611677; rev:1;) alert tcp $HOME_NET any -> [45.66.248.61] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.66.248.61/; sid:900611678; rev:1;) alert tcp $HOME_NET any -> [194.135.33.139] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.135.33.139/; sid:900611679; rev:1;) alert tcp $HOME_NET any -> [195.133.192.26] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.192.26/; sid:900611680; rev:1;) alert tcp $HOME_NET any -> [64.44.101.102] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.101.102/; sid:900611681; rev:1;) alert tcp $HOME_NET any -> [91.206.178.68] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.206.178.68/; sid:900611682; rev:1;) alert tcp $HOME_NET any -> [193.109.120.252] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.109.120.252/; sid:900611683; rev:1;) alert tcp $HOME_NET any -> [198.98.57.185] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.57.185/; sid:900611684; rev:1;) alert tcp $HOME_NET any -> [209.141.51.65] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.51.65/; sid:900611685; rev:1;) alert tcp $HOME_NET any -> [80.107.149.84] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.107.149.84/; sid:900611686; rev:1;) alert tcp $HOME_NET any -> [159.65.88.10] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.88.10/; sid:900611687; rev:1;) alert tcp $HOME_NET any -> [163.44.196.120] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.44.196.120/; sid:900611688; rev:1;) alert tcp $HOME_NET any -> [107.170.39.149] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.170.39.149/; sid:900611689; rev:1;) alert tcp $HOME_NET any -> [1.234.2.232] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.234.2.232/; sid:900611690; rev:1;) alert tcp $HOME_NET any -> [45.66.248.156] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.66.248.156/; sid:900611691; rev:1;) alert tcp $HOME_NET any -> [23.106.215.233] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.106.215.233/; sid:900611692; rev:1;) alert tcp $HOME_NET any -> [45.61.187.204] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.61.187.204/; sid:900611693; rev:1;) alert tcp $HOME_NET any -> [91.245.254.96] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.245.254.96/; sid:900611694; rev:1;) alert tcp $HOME_NET any -> [31.53.29.195] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.29.195/; sid:900611695; rev:1;) alert tcp $HOME_NET any -> [71.171.83.69] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.171.83.69/; sid:900611696; rev:1;) alert tcp $HOME_NET any -> [86.191.9.6] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.191.9.6/; sid:900611697; rev:1;) alert tcp $HOME_NET any -> [91.2.135.211] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.2.135.211/; sid:900611698; rev:1;) alert tcp $HOME_NET any -> [78.159.144.244] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.159.144.244/; sid:900611699; rev:1;) alert tcp $HOME_NET any -> [80.76.163.207] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.76.163.207/; sid:900611700; rev:1;) alert tcp $HOME_NET any -> [99.253.131.148] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.253.131.148/; sid:900611701; rev:1;) alert tcp $HOME_NET any -> [122.184.143.86] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.184.143.86/; sid:900611702; rev:1;) alert tcp $HOME_NET any -> [178.152.121.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.152.121.81/; sid:900611703; rev:1;) alert tcp $HOME_NET any -> [49.245.95.124] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.245.95.124/; sid:900611704; rev:1;) alert tcp $HOME_NET any -> [98.222.212.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.222.212.149/; sid:900611705; rev:1;) alert tcp $HOME_NET any -> [151.65.74.186] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.65.74.186/; sid:900611706; rev:1;) alert tcp $HOME_NET any -> [197.26.144.209] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.26.144.209/; sid:900611707; rev:1;) alert tcp $HOME_NET any -> [70.53.31.142] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.53.31.142/; sid:900611708; rev:1;) alert tcp $HOME_NET any -> [119.82.120.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.82.120.175/; sid:900611709; rev:1;) alert tcp $HOME_NET any -> [104.168.218.74] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.218.74/; sid:900611710; rev:1;) alert tcp $HOME_NET any -> [2.14.137.60] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.14.137.60/; sid:900611711; rev:1;) alert tcp $HOME_NET any -> [71.231.150.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.231.150.81/; sid:900611712; rev:1;) alert tcp $HOME_NET any -> [109.146.46.4] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.146.46.4/; sid:900611713; rev:1;) alert tcp $HOME_NET any -> [200.109.6.16] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.109.6.16/; sid:900611714; rev:1;) alert tcp $HOME_NET any -> [188.79.242.89] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.79.242.89/; sid:900611715; rev:1;) alert tcp $HOME_NET any -> [182.178.178.105] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.178.178.105/; sid:900611716; rev:1;) alert tcp $HOME_NET any -> [94.5.98.77] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.5.98.77/; sid:900611717; rev:1;) alert tcp $HOME_NET any -> [174.119.104.47] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.119.104.47/; sid:900611718; rev:1;) alert tcp $HOME_NET any -> [86.188.92.7] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.188.92.7/; sid:900611719; rev:1;) alert tcp $HOME_NET any -> [46.65.48.161] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.65.48.161/; sid:900611720; rev:1;) alert tcp $HOME_NET any -> [85.245.51.95] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.245.51.95/; sid:900611721; rev:1;) alert tcp $HOME_NET any -> [175.156.65.126] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.156.65.126/; sid:900611722; rev:1;) alert tcp $HOME_NET any -> [161.142.103.5] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.103.5/; sid:900611723; rev:1;) alert tcp $HOME_NET any -> [157.119.85.203] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.119.85.203/; sid:900611724; rev:1;) alert tcp $HOME_NET any -> [86.98.17.65] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.17.65/; sid:900611725; rev:1;) alert tcp $HOME_NET any -> [103.252.7.238] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.252.7.238/; sid:900611726; rev:1;) alert tcp $HOME_NET any -> [84.215.202.8] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.215.202.8/; sid:900611727; rev:1;) alert tcp $HOME_NET any -> [2.98.147.157] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.98.147.157/; sid:900611728; rev:1;) alert tcp $HOME_NET any -> [176.224.85.237] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.224.85.237/; sid:900611729; rev:1;) alert tcp $HOME_NET any -> [78.16.156.25] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.16.156.25/; sid:900611730; rev:1;) alert tcp $HOME_NET any -> [190.199.184.114] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.199.184.114/; sid:900611731; rev:1;) alert tcp $HOME_NET any -> [109.49.47.10] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.49.47.10/; sid:900611732; rev:1;) alert tcp $HOME_NET any -> [107.189.1.219] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.189.1.219/; sid:900611733; rev:1;) alert tcp $HOME_NET any -> [142.11.238.7] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.238.7/; sid:900611734; rev:1;) alert tcp $HOME_NET any -> [173.176.4.133] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.176.4.133/; sid:900611735; rev:1;) alert tcp $HOME_NET any -> [47.132.248.132] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.132.248.132/; sid:900611736; rev:1;) alert tcp $HOME_NET any -> [67.71.21.193] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.71.21.193/; sid:900611737; rev:1;) alert tcp $HOME_NET any -> [72.222.73.150] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.222.73.150/; sid:900611738; rev:1;) alert tcp $HOME_NET any -> [98.22.24.81] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.22.24.81/; sid:900611739; rev:1;) alert tcp $HOME_NET any -> [31.53.29.156] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.29.156/; sid:900611740; rev:1;) alert tcp $HOME_NET any -> [102.158.166.192] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.158.166.192/; sid:900611741; rev:1;) alert tcp $HOME_NET any -> [70.55.67.13] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.55.67.13/; sid:900611742; rev:1;) alert tcp $HOME_NET any -> [67.10.2.240] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.10.2.240/; sid:900611743; rev:1;) alert tcp $HOME_NET any -> [142.122.61.8] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.122.61.8/; sid:900611744; rev:1;) alert tcp $HOME_NET any -> [69.159.159.108] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.159.159.108/; sid:900611745; rev:1;) alert tcp $HOME_NET any -> [186.64.67.37] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.37/; sid:900611746; rev:1;) alert tcp $HOME_NET any -> [92.149.250.113] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.149.250.113/; sid:900611747; rev:1;) alert tcp $HOME_NET any -> [209.126.85.32] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.126.85.32/; sid:900611748; rev:1;) alert tcp $HOME_NET any -> [97.90.245.22] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.90.245.22/; sid:900611749; rev:1;) alert tcp $HOME_NET any -> [223.167.12.241] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/223.167.12.241/; sid:900611750; rev:1;) alert tcp $HOME_NET any -> [2.50.16.41] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.16.41/; sid:900611751; rev:1;) alert tcp $HOME_NET any -> [217.165.234.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.234.168/; sid:900611752; rev:1;) alert tcp $HOME_NET any -> [109.57.17.199] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.57.17.199/; sid:900611753; rev:1;) alert tcp $HOME_NET any -> [94.30.86.216] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.30.86.216/; sid:900611754; rev:1;) alert tcp $HOME_NET any -> [90.55.106.37] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.55.106.37/; sid:900611755; rev:1;) alert tcp $HOME_NET any -> [2.14.137.211] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.14.137.211/; sid:900611756; rev:1;) alert tcp $HOME_NET any -> [86.209.22.193] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.209.22.193/; sid:900611757; rev:1;) alert tcp $HOME_NET any -> [37.186.55.238] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.186.55.238/; sid:900611758; rev:1;) alert tcp $HOME_NET any -> [73.1.85.92] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.1.85.92/; sid:900611759; rev:1;) alert tcp $HOME_NET any -> [104.168.218.224] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.218.224/; sid:900611760; rev:1;) alert tcp $HOME_NET any -> [87.223.92.143] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.223.92.143/; sid:900611761; rev:1;) alert tcp $HOME_NET any -> [192.198.82.59] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.198.82.59/; sid:900611762; rev:1;) alert tcp $HOME_NET any -> [146.70.152.221] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.152.221/; sid:900611763; rev:1;) alert tcp $HOME_NET any -> [192.236.193.215] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.193.215/; sid:900611764; rev:1;) alert tcp $HOME_NET any -> [194.135.33.90] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.135.33.90/; sid:900611765; rev:1;) alert tcp $HOME_NET any -> [205.185.127.176] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.185.127.176/; sid:900611766; rev:1;) alert tcp $HOME_NET any -> [103.175.16.133] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.133/; sid:900611767; rev:1;) alert tcp $HOME_NET any -> [82.155.108.153] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.155.108.153/; sid:900611768; rev:1;) alert tcp $HOME_NET any -> [100.6.3.139] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.6.3.139/; sid:900611769; rev:1;) alert tcp $HOME_NET any -> [216.210.65.47] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.210.65.47/; sid:900611770; rev:1;) alert tcp $HOME_NET any -> [86.97.68.68] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.68.68/; sid:900611771; rev:1;) alert tcp $HOME_NET any -> [102.158.63.36] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.158.63.36/; sid:900611772; rev:1;) alert tcp $HOME_NET any -> [103.140.174.20] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.140.174.20/; sid:900611773; rev:1;) alert tcp $HOME_NET any -> [172.115.17.50] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.115.17.50/; sid:900611774; rev:1;) alert tcp $HOME_NET any -> [122.186.210.254] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.186.210.254/; sid:900611775; rev:1;) alert tcp $HOME_NET any -> [212.70.98.161] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.70.98.161/; sid:900611776; rev:1;) alert tcp $HOME_NET any -> [67.219.197.94] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.219.197.94/; sid:900611777; rev:1;) alert tcp $HOME_NET any -> [182.185.248.125] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.185.248.125/; sid:900611778; rev:1;) alert tcp $HOME_NET any -> [47.205.18.103] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.205.18.103/; sid:900611779; rev:1;) alert tcp $HOME_NET any -> [71.38.155.217] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.38.155.217/; sid:900611780; rev:1;) alert tcp $HOME_NET any -> [72.134.124.16] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.134.124.16/; sid:900611781; rev:1;) alert tcp $HOME_NET any -> [72.205.104.134] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.205.104.134/; sid:900611782; rev:1;) alert tcp $HOME_NET any -> [124.246.122.199] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.246.122.199/; sid:900611783; rev:1;) alert tcp $HOME_NET any -> [23.82.140.100] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.82.140.100/; sid:900611784; rev:1;) alert tcp $HOME_NET any -> [192.119.66.138] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.66.138/; sid:900611785; rev:1;) alert tcp $HOME_NET any -> [209.216.123.118] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.216.123.118/; sid:900611786; rev:1;) alert tcp $HOME_NET any -> [183.82.107.190] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.107.190/; sid:900611787; rev:1;) alert tcp $HOME_NET any -> [109.154.254.126] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.154.254.126/; sid:900611788; rev:1;) alert tcp $HOME_NET any -> [109.153.195.56] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.153.195.56/; sid:900611789; rev:1;) alert tcp $HOME_NET any -> [45.66.248.64] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.66.248.64/; sid:900611790; rev:1;) alert tcp $HOME_NET any -> [182.75.189.42] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.75.189.42/; sid:900611791; rev:1;) alert tcp $HOME_NET any -> [90.211.192.113] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.211.192.113/; sid:900611792; rev:1;) alert tcp $HOME_NET any -> [151.65.229.12] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.65.229.12/; sid:900611793; rev:1;) alert tcp $HOME_NET any -> [192.236.146.147] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.146.147/; sid:900611794; rev:1;) alert tcp $HOME_NET any -> [66.227.195.237] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.227.195.237/; sid:900611795; rev:1;) alert tcp $HOME_NET any -> [2.56.10.16] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.56.10.16/; sid:900611796; rev:1;) alert tcp $HOME_NET any -> [112.222.83.147] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.222.83.147/; sid:900611797; rev:1;) alert tcp $HOME_NET any -> [23.251.65.87] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.251.65.87/; sid:900611798; rev:1;) alert tcp $HOME_NET any -> [45.61.187.10] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.61.187.10/; sid:900611799; rev:1;) alert tcp $HOME_NET any -> [45.61.187.170] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.61.187.170/; sid:900611800; rev:1;) alert tcp $HOME_NET any -> [99.252.190.205] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.252.190.205/; sid:900611801; rev:1;) alert tcp $HOME_NET any -> [23.254.229.210] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.254.229.210/; sid:900611802; rev:1;) alert tcp $HOME_NET any -> [108.62.118.59] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.62.118.59/; sid:900611803; rev:1;) alert tcp $HOME_NET any -> [186.64.67.57] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.57/; sid:900611804; rev:1;) alert tcp $HOME_NET any -> [74.92.243.115] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.92.243.115/; sid:900611805; rev:1;) alert tcp $HOME_NET any -> [93.150.183.229] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.150.183.229/; sid:900611806; rev:1;) alert tcp $HOME_NET any -> [24.236.90.196] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.236.90.196/; sid:900611807; rev:1;) alert tcp $HOME_NET any -> [90.93.132.149] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.93.132.149/; sid:900611808; rev:1;) alert tcp $HOME_NET any -> [200.84.207.143] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.84.207.143/; sid:900611809; rev:1;) alert tcp $HOME_NET any -> [96.87.28.170] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.87.28.170/; sid:900611810; rev:1;) alert tcp $HOME_NET any -> [70.112.206.5] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.112.206.5/; sid:900611811; rev:1;) alert tcp $HOME_NET any -> [86.97.67.62] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.67.62/; sid:900611812; rev:1;) alert tcp $HOME_NET any -> [151.62.55.207] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.62.55.207/; sid:900611813; rev:1;) alert tcp $HOME_NET any -> [213.66.245.200] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.66.245.200/; sid:900611814; rev:1;) alert tcp $HOME_NET any -> [86.154.216.221] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.154.216.221/; sid:900611815; rev:1;) alert tcp $HOME_NET any -> [95.60.243.24] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.60.243.24/; sid:900611816; rev:1;) alert tcp $HOME_NET any -> [109.218.220.228] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.218.220.228/; sid:900611817; rev:1;) alert tcp $HOME_NET any -> [88.164.20.177] 21 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.164.20.177/; sid:900611818; rev:1;) alert tcp $HOME_NET any -> [86.130.9.243] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.243/; sid:900611819; rev:1;) alert tcp $HOME_NET any -> [209.93.207.224] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.93.207.224/; sid:900611820; rev:1;) alert tcp $HOME_NET any -> [94.30.31.47] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.30.31.47/; sid:900611821; rev:1;) alert tcp $HOME_NET any -> [70.48.189.240] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.48.189.240/; sid:900611822; rev:1;) alert tcp $HOME_NET any -> [173.206.86.239] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.206.86.239/; sid:900611823; rev:1;) alert tcp $HOME_NET any -> [190.28.74.251] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.28.74.251/; sid:900611824; rev:1;) alert tcp $HOME_NET any -> [174.115.79.40] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.115.79.40/; sid:900611825; rev:1;) alert tcp $HOME_NET any -> [47.199.241.39] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.199.241.39/; sid:900611826; rev:1;) alert tcp $HOME_NET any -> [64.44.102.85] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.102.85/; sid:900611827; rev:1;) alert tcp $HOME_NET any -> [173.234.155.143] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.234.155.143/; sid:900611828; rev:1;) alert tcp $HOME_NET any -> [189.222.64.238] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.222.64.238/; sid:900611829; rev:1;) alert tcp $HOME_NET any -> [192.119.74.194] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.74.194/; sid:900611830; rev:1;) alert tcp $HOME_NET any -> [91.160.70.68] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.160.70.68/; sid:900611831; rev:1;) alert tcp $HOME_NET any -> [75.163.169.141] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.163.169.141/; sid:900611832; rev:1;) alert tcp $HOME_NET any -> [46.64.171.68] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.64.171.68/; sid:900611833; rev:1;) alert tcp $HOME_NET any -> [81.150.42.123] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.150.42.123/; sid:900611834; rev:1;) alert tcp $HOME_NET any -> [68.68.170.218] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.68.170.218/; sid:900611835; rev:1;) alert tcp $HOME_NET any -> [151.65.57.194] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.65.57.194/; sid:900611836; rev:1;) alert tcp $HOME_NET any -> [122.184.143.83] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.184.143.83/; sid:900611837; rev:1;) alert tcp $HOME_NET any -> [92.136.51.189] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.136.51.189/; sid:900611838; rev:1;) alert tcp $HOME_NET any -> [109.218.244.210] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.218.244.210/; sid:900611839; rev:1;) alert tcp $HOME_NET any -> [65.94.84.173] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.94.84.173/; sid:900611840; rev:1;) alert tcp $HOME_NET any -> [174.118.63.123] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.118.63.123/; sid:900611841; rev:1;) alert tcp $HOME_NET any -> [86.143.119.184] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.143.119.184/; sid:900611842; rev:1;) alert tcp $HOME_NET any -> [197.0.175.118] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.0.175.118/; sid:900611843; rev:1;) alert tcp $HOME_NET any -> [70.51.153.108] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.153.108/; sid:900611844; rev:1;) alert tcp $HOME_NET any -> [84.155.13.118] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.155.13.118/; sid:900611845; rev:1;) alert tcp $HOME_NET any -> [109.159.119.176] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.159.119.176/; sid:900611846; rev:1;) alert tcp $HOME_NET any -> [45.243.143.141] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.243.143.141/; sid:900611847; rev:1;) alert tcp $HOME_NET any -> [71.31.100.192] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.31.100.192/; sid:900611848; rev:1;) alert tcp $HOME_NET any -> [184.161.74.73] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.161.74.73/; sid:900611849; rev:1;) alert tcp $HOME_NET any -> [142.126.173.85] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.126.173.85/; sid:900611850; rev:1;) alert tcp $HOME_NET any -> [197.204.216.170] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.204.216.170/; sid:900611851; rev:1;) alert tcp $HOME_NET any -> [119.82.123.160] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.82.123.160/; sid:900611852; rev:1;) alert tcp $HOME_NET any -> [41.228.56.8] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.228.56.8/; sid:900611853; rev:1;) alert tcp $HOME_NET any -> [66.35.127.94] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.35.127.94/; sid:900611854; rev:1;) alert tcp $HOME_NET any -> [47.16.74.194] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.16.74.194/; sid:900611855; rev:1;) alert tcp $HOME_NET any -> [86.98.23.66] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.23.66/; sid:900611856; rev:1;) alert tcp $HOME_NET any -> [125.99.76.102] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.99.76.102/; sid:900611857; rev:1;) alert tcp $HOME_NET any -> [27.99.32.26] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.99.32.26/; sid:900611858; rev:1;) alert tcp $HOME_NET any -> [198.98.60.196] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.60.196/; sid:900611859; rev:1;) alert tcp $HOME_NET any -> [146.70.102.73] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.102.73/; sid:900611860; rev:1;) alert tcp $HOME_NET any -> [45.61.184.8] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.61.184.8/; sid:900611861; rev:1;) alert tcp $HOME_NET any -> [209.141.48.221] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.48.221/; sid:900611862; rev:1;) alert tcp $HOME_NET any -> [103.144.139.164] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.139.164/; sid:900611863; rev:1;) alert tcp $HOME_NET any -> [103.175.16.208] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.208/; sid:900611864; rev:1;) alert tcp $HOME_NET any -> [37.189.1.102] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.189.1.102/; sid:900611865; rev:1;) alert tcp $HOME_NET any -> [176.171.4.107] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.171.4.107/; sid:900611866; rev:1;) alert tcp $HOME_NET any -> [139.226.47.229] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.226.47.229/; sid:900611867; rev:1;) alert tcp $HOME_NET any -> [23.106.215.141] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.106.215.141/; sid:900611868; rev:1;) alert tcp $HOME_NET any -> [51.83.255.85] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.255.85/; sid:900611869; rev:1;) alert tcp $HOME_NET any -> [104.168.244.96] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.244.96/; sid:900611870; rev:1;) alert tcp $HOME_NET any -> [192.119.81.86] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.81.86/; sid:900611871; rev:1;) alert tcp $HOME_NET any -> [75.109.111.89] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.109.111.89/; sid:900611872; rev:1;) alert tcp $HOME_NET any -> [102.158.82.17] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.158.82.17/; sid:900611873; rev:1;) alert tcp $HOME_NET any -> [109.50.143.218] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.50.143.218/; sid:900611874; rev:1;) alert tcp $HOME_NET any -> [213.67.139.53] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.67.139.53/; sid:900611875; rev:1;) alert tcp $HOME_NET any -> [190.78.69.250] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.78.69.250/; sid:900611876; rev:1;) alert tcp $HOME_NET any -> [71.31.232.65] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.31.232.65/; sid:900611877; rev:1;) alert tcp $HOME_NET any -> [186.64.87.204] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.87.204/; sid:900611878; rev:1;) alert tcp $HOME_NET any -> [197.3.198.241] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.3.198.241/; sid:900611879; rev:1;) alert tcp $HOME_NET any -> [92.97.115.255] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.97.115.255/; sid:900611880; rev:1;) alert tcp $HOME_NET any -> [197.94.95.20] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.94.95.20/; sid:900611881; rev:1;) alert tcp $HOME_NET any -> [59.153.96.4] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.153.96.4/; sid:900611882; rev:1;) alert tcp $HOME_NET any -> [109.159.118.65] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.159.118.65/; sid:900611883; rev:1;) alert tcp $HOME_NET any -> [41.227.217.128] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.227.217.128/; sid:900611884; rev:1;) alert tcp $HOME_NET any -> [76.178.148.107] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.178.148.107/; sid:900611885; rev:1;) alert tcp $HOME_NET any -> [47.149.134.231] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.149.134.231/; sid:900611886; rev:1;) alert tcp $HOME_NET any -> [103.123.223.141] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.123.223.141/; sid:900611887; rev:1;) alert tcp $HOME_NET any -> [83.77.208.166] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.77.208.166/; sid:900611888; rev:1;) alert tcp $HOME_NET any -> [86.209.8.236] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.209.8.236/; sid:900611889; rev:1;) alert tcp $HOME_NET any -> [41.62.194.136] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.62.194.136/; sid:900611890; rev:1;) alert tcp $HOME_NET any -> [116.74.163.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.74.163.233/; sid:900611891; rev:1;) alert tcp $HOME_NET any -> [70.28.50.223] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.50.223/; sid:900611892; rev:1;) alert tcp $HOME_NET any -> [70.28.50.223] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.50.223/; sid:900611893; rev:1;) alert tcp $HOME_NET any -> [70.28.50.223] 2087 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.50.223/; sid:900611894; rev:1;) alert tcp $HOME_NET any -> [70.28.50.223] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.50.223/; sid:900611895; rev:1;) alert tcp $HOME_NET any -> [99.228.131.116] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.228.131.116/; sid:900611896; rev:1;) alert tcp $HOME_NET any -> [86.97.66.70] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.66.70/; sid:900611897; rev:1;) alert tcp $HOME_NET any -> [102.156.77.237] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.77.237/; sid:900611898; rev:1;) alert tcp $HOME_NET any -> [105.184.103.142] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.103.142/; sid:900611899; rev:1;) alert tcp $HOME_NET any -> [36.152.128.5] 6883 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.152.128.5/; sid:900611900; rev:1;) alert tcp $HOME_NET any -> [81.101.185.146] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.101.185.146/; sid:900611901; rev:1;) alert tcp $HOME_NET any -> [41.98.24.187] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.98.24.187/; sid:900611902; rev:1;) alert tcp $HOME_NET any -> [100.6.31.96] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.6.31.96/; sid:900611903; rev:1;) alert tcp $HOME_NET any -> [69.123.4.221] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.123.4.221/; sid:900611904; rev:1;) alert tcp $HOME_NET any -> [92.20.199.185] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.20.199.185/; sid:900611905; rev:1;) alert tcp $HOME_NET any -> [149.3.170.94] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.3.170.94/; sid:900611906; rev:1;) alert tcp $HOME_NET any -> [146.59.116.79] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.59.116.79/; sid:900611907; rev:1;) alert tcp $HOME_NET any -> [27.253.11.10] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.253.11.10/; sid:900611908; rev:1;) alert tcp $HOME_NET any -> [194.15.216.247] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.15.216.247/; sid:900611909; rev:1;) alert tcp $HOME_NET any -> [104.168.175.81] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.175.81/; sid:900611910; rev:1;) alert tcp $HOME_NET any -> [23.30.22.225] 50003 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.30.22.225/; sid:900611911; rev:1;) alert tcp $HOME_NET any -> [92.97.227.224] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.97.227.224/; sid:900611912; rev:1;) alert tcp $HOME_NET any -> [86.171.191.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.171.191.31/; sid:900611913; rev:1;) alert tcp $HOME_NET any -> [86.99.79.136] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.99.79.136/; sid:900611914; rev:1;) alert tcp $HOME_NET any -> [77.126.185.173] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.126.185.173/; sid:900611915; rev:1;) alert tcp $HOME_NET any -> [86.130.9.222] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.222/; sid:900611916; rev:1;) alert tcp $HOME_NET any -> [200.90.67.216] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.90.67.216/; sid:900611917; rev:1;) alert tcp $HOME_NET any -> [23.30.22.225] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.30.22.225/; sid:900611918; rev:1;) alert tcp $HOME_NET any -> [23.30.22.225] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.30.22.225/; sid:900611919; rev:1;) alert tcp $HOME_NET any -> [70.28.50.223] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.50.223/; sid:900611920; rev:1;) alert tcp $HOME_NET any -> [186.64.67.25] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.25/; sid:900611921; rev:1;) alert tcp $HOME_NET any -> [82.1.168.218] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.1.168.218/; sid:900611922; rev:1;) alert tcp $HOME_NET any -> [90.70.150.94] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.70.150.94/; sid:900611923; rev:1;) alert tcp $HOME_NET any -> [85.2.185.70] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.2.185.70/; sid:900611924; rev:1;) alert tcp $HOME_NET any -> [192.254.79.106] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.254.79.106/; sid:900611925; rev:1;) alert tcp $HOME_NET any -> [103.175.16.149] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.149/; sid:900611926; rev:1;) alert tcp $HOME_NET any -> [14.200.181.108] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.200.181.108/; sid:900611927; rev:1;) alert tcp $HOME_NET any -> [102.158.69.237] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.158.69.237/; sid:900611928; rev:1;) alert tcp $HOME_NET any -> [90.4.110.221] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.4.110.221/; sid:900611929; rev:1;) alert tcp $HOME_NET any -> [109.159.118.107] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.159.118.107/; sid:900611930; rev:1;) alert tcp $HOME_NET any -> [151.62.160.232] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.62.160.232/; sid:900611931; rev:1;) alert tcp $HOME_NET any -> [79.42.241.244] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.42.241.244/; sid:900611932; rev:1;) alert tcp $HOME_NET any -> [194.59.183.30] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.59.183.30/; sid:900611933; rev:1;) alert tcp $HOME_NET any -> [186.64.67.61] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.61/; sid:900611934; rev:1;) alert tcp $HOME_NET any -> [76.86.31.59] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.86.31.59/; sid:900611935; rev:1;) alert tcp $HOME_NET any -> [78.16.207.80] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.16.207.80/; sid:900611936; rev:1;) alert tcp $HOME_NET any -> [41.186.88.38] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.186.88.38/; sid:900611937; rev:1;) alert tcp $HOME_NET any -> [180.156.215.130] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.156.215.130/; sid:900611938; rev:1;) alert tcp $HOME_NET any -> [81.147.181.139] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.147.181.139/; sid:900611939; rev:1;) alert tcp $HOME_NET any -> [86.188.22.217] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.188.22.217/; sid:900611940; rev:1;) alert tcp $HOME_NET any -> [74.102.98.63] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.102.98.63/; sid:900611941; rev:1;) alert tcp $HOME_NET any -> [68.229.150.95] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.229.150.95/; sid:900611942; rev:1;) alert tcp $HOME_NET any -> [124.149.143.189] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.149.143.189/; sid:900611943; rev:1;) alert tcp $HOME_NET any -> [87.200.170.30] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.200.170.30/; sid:900611944; rev:1;) alert tcp $HOME_NET any -> [109.218.12.137] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.218.12.137/; sid:900611945; rev:1;) alert tcp $HOME_NET any -> [103.144.201.56] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.201.56/; sid:900611946; rev:1;) alert tcp $HOME_NET any -> [90.78.147.141] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.78.147.141/; sid:900611947; rev:1;) alert tcp $HOME_NET any -> [149.3.170.185] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.3.170.185/; sid:900611948; rev:1;) alert tcp $HOME_NET any -> [209.141.58.129] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.58.129/; sid:900611949; rev:1;) alert tcp $HOME_NET any -> [199.195.249.67] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.195.249.67/; sid:900611950; rev:1;) alert tcp $HOME_NET any -> [86.178.33.125] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.178.33.125/; sid:900611951; rev:1;) alert tcp $HOME_NET any -> [86.171.131.244] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.171.131.244/; sid:900611952; rev:1;) alert tcp $HOME_NET any -> [41.62.5.69] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.62.5.69/; sid:900611953; rev:1;) alert tcp $HOME_NET any -> [187.199.234.229] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.199.234.229/; sid:900611954; rev:1;) alert tcp $HOME_NET any -> [71.31.232.156] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.31.232.156/; sid:900611955; rev:1;) alert tcp $HOME_NET any -> [82.131.134.162] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.131.134.162/; sid:900611956; rev:1;) alert tcp $HOME_NET any -> [189.151.95.176] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.151.95.176/; sid:900611957; rev:1;) alert tcp $HOME_NET any -> [202.186.177.220] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.186.177.220/; sid:900611958; rev:1;) alert tcp $HOME_NET any -> [151.62.97.204] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.62.97.204/; sid:900611959; rev:1;) alert tcp $HOME_NET any -> [86.130.9.214] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.214/; sid:900611960; rev:1;) alert tcp $HOME_NET any -> [23.254.225.249] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.254.225.249/; sid:900611961; rev:1;) alert tcp $HOME_NET any -> [142.11.195.231] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.195.231/; sid:900611962; rev:1;) alert tcp $HOME_NET any -> [45.243.231.146] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.243.231.146/; sid:900611963; rev:1;) alert tcp $HOME_NET any -> [81.156.1.223] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.156.1.223/; sid:900611964; rev:1;) alert tcp $HOME_NET any -> [109.153.252.176] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.153.252.176/; sid:900611966; rev:1;) alert tcp $HOME_NET any -> [95.60.243.119] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.60.243.119/; sid:900611967; rev:1;) alert tcp $HOME_NET any -> [174.119.140.242] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.119.140.242/; sid:900611968; rev:1;) alert tcp $HOME_NET any -> [173.18.122.24] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.18.122.24/; sid:900611969; rev:1;) alert tcp $HOME_NET any -> [71.30.208.174] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.30.208.174/; sid:900611970; rev:1;) alert tcp $HOME_NET any -> [109.218.242.15] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.218.242.15/; sid:900611971; rev:1;) alert tcp $HOME_NET any -> [187.199.85.154] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.199.85.154/; sid:900611972; rev:1;) alert tcp $HOME_NET any -> [54.37.130.121] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.130.121/; sid:900611973; rev:1;) alert tcp $HOME_NET any -> [190.75.64.251] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.75.64.251/; sid:900611974; rev:1;) alert tcp $HOME_NET any -> [119.82.120.15] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.82.120.15/; sid:900611975; rev:1;) alert tcp $HOME_NET any -> [85.85.160.57] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.85.160.57/; sid:900611976; rev:1;) alert tcp $HOME_NET any -> [86.176.80.98] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.176.80.98/; sid:900611977; rev:1;) alert tcp $HOME_NET any -> [70.26.75.148] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.26.75.148/; sid:900611978; rev:1;) alert tcp $HOME_NET any -> [41.62.106.252] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.62.106.252/; sid:900611979; rev:1;) alert tcp $HOME_NET any -> [41.230.144.48] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.230.144.48/; sid:900611980; rev:1;) alert tcp $HOME_NET any -> [75.90.41.108] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.90.41.108/; sid:900611981; rev:1;) alert tcp $HOME_NET any -> [197.1.229.119] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.1.229.119/; sid:900611982; rev:1;) alert tcp $HOME_NET any -> [96.56.197.26] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.56.197.26/; sid:900611983; rev:1;) alert tcp $HOME_NET any -> [96.56.197.26] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.56.197.26/; sid:900611984; rev:1;) alert tcp $HOME_NET any -> [89.36.206.220] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.36.206.220/; sid:900611985; rev:1;) alert tcp $HOME_NET any -> [24.139.11.137] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.139.11.137/; sid:900611986; rev:1;) alert tcp $HOME_NET any -> [184.182.66.109] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.182.66.109/; sid:900611987; rev:1;) alert tcp $HOME_NET any -> [70.28.50.223] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.50.223/; sid:900611988; rev:1;) alert tcp $HOME_NET any -> [173.88.135.179] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.88.135.179/; sid:900611989; rev:1;) alert tcp $HOME_NET any -> [93.238.52.211] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.238.52.211/; sid:900611990; rev:1;) alert tcp $HOME_NET any -> [91.35.212.133] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.35.212.133/; sid:900611991; rev:1;) alert tcp $HOME_NET any -> [90.104.151.37] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.104.151.37/; sid:900611992; rev:1;) alert tcp $HOME_NET any -> [92.9.45.20] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.9.45.20/; sid:900611993; rev:1;) alert tcp $HOME_NET any -> [47.205.25.170] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.205.25.170/; sid:900611994; rev:1;) alert tcp $HOME_NET any -> [176.202.45.209] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.202.45.209/; sid:900611995; rev:1;) alert tcp $HOME_NET any -> [103.175.16.150] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.150/; sid:900611996; rev:1;) alert tcp $HOME_NET any -> [146.70.155.82] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.155.82/; sid:900611997; rev:1;) alert tcp $HOME_NET any -> [87.221.197.91] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.221.197.91/; sid:900611998; rev:1;) alert tcp $HOME_NET any -> [95.60.243.16] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.60.243.16/; sid:900611999; rev:1;) alert tcp $HOME_NET any -> [190.206.92.41] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.206.92.41/; sid:900612000; rev:1;) alert tcp $HOME_NET any -> [96.56.197.26] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.56.197.26/; sid:900612001; rev:1;) alert tcp $HOME_NET any -> [49.175.72.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.175.72.99/; sid:900612002; rev:1;) alert tcp $HOME_NET any -> [45.246.235.177] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.246.235.177/; sid:900612003; rev:1;) alert tcp $HOME_NET any -> [103.111.70.66] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.111.70.66/; sid:900612004; rev:1;) alert tcp $HOME_NET any -> [103.111.70.66] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.111.70.66/; sid:900612005; rev:1;) alert tcp $HOME_NET any -> [103.87.128.228] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.87.128.228/; sid:900612006; rev:1;) alert tcp $HOME_NET any -> [2.36.64.159] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.36.64.159/; sid:900612007; rev:1;) alert tcp $HOME_NET any -> [86.99.49.64] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.99.49.64/; sid:900612008; rev:1;) alert tcp $HOME_NET any -> [187.199.153.185] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.199.153.185/; sid:900612009; rev:1;) alert tcp $HOME_NET any -> [41.230.166.18] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.230.166.18/; sid:900612010; rev:1;) alert tcp $HOME_NET any -> [102.157.224.79] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.157.224.79/; sid:900612011; rev:1;) alert tcp $HOME_NET any -> [2.14.24.66] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.14.24.66/; sid:900612012; rev:1;) alert tcp $HOME_NET any -> [86.176.80.81] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.176.80.81/; sid:900612013; rev:1;) alert tcp $HOME_NET any -> [119.82.121.87] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.82.121.87/; sid:900612014; rev:1;) alert tcp $HOME_NET any -> [105.186.229.208] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.229.208/; sid:900612015; rev:1;) alert tcp $HOME_NET any -> [103.123.223.130] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.123.223.130/; sid:900612016; rev:1;) alert tcp $HOME_NET any -> [41.227.100.85] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.227.100.85/; sid:900612017; rev:1;) alert tcp $HOME_NET any -> [109.146.56.176] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.146.56.176/; sid:900612018; rev:1;) alert tcp $HOME_NET any -> [50.5.45.204] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.5.45.204/; sid:900612019; rev:1;) alert tcp $HOME_NET any -> [31.190.242.0] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.190.242.0/; sid:900612020; rev:1;) alert tcp $HOME_NET any -> [69.242.31.249] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.242.31.249/; sid:900612021; rev:1;) alert tcp $HOME_NET any -> [86.96.72.175] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.96.72.175/; sid:900612022; rev:1;) alert tcp $HOME_NET any -> [161.142.98.36] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.98.36/; sid:900612023; rev:1;) alert tcp $HOME_NET any -> [85.240.173.251] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.240.173.251/; sid:900612024; rev:1;) alert tcp $HOME_NET any -> [217.165.239.223] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.239.223/; sid:900612025; rev:1;) alert tcp $HOME_NET any -> [151.213.66.34] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.213.66.34/; sid:900612026; rev:1;) alert tcp $HOME_NET any -> [31.53.29.207] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.29.207/; sid:900612027; rev:1;) alert tcp $HOME_NET any -> [147.147.30.126] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.147.30.126/; sid:900612028; rev:1;) alert tcp $HOME_NET any -> [86.130.9.135] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.135/; sid:900612029; rev:1;) alert tcp $HOME_NET any -> [109.149.148.20] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.149.148.20/; sid:900612030; rev:1;) alert tcp $HOME_NET any -> [95.60.243.19] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.60.243.19/; sid:900612031; rev:1;) alert tcp $HOME_NET any -> [200.90.68.166] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.90.68.166/; sid:900612032; rev:1;) alert tcp $HOME_NET any -> [197.94.78.32] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.94.78.32/; sid:900612033; rev:1;) alert tcp $HOME_NET any -> [102.159.219.132] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.159.219.132/; sid:900612034; rev:1;) alert tcp $HOME_NET any -> [91.82.4.46] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.82.4.46/; sid:900612035; rev:1;) alert tcp $HOME_NET any -> [85.84.222.49] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.84.222.49/; sid:900612036; rev:1;) alert tcp $HOME_NET any -> [81.159.211.209] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.159.211.209/; sid:900612037; rev:1;) alert tcp $HOME_NET any -> [46.24.47.205] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.24.47.205/; sid:900612038; rev:1;) alert tcp $HOME_NET any -> [109.149.147.12] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.149.147.12/; sid:900612039; rev:1;) alert tcp $HOME_NET any -> [24.236.90.197] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.236.90.197/; sid:900612040; rev:1;) alert tcp $HOME_NET any -> [89.114.140.100] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.114.140.100/; sid:900612041; rev:1;) alert tcp $HOME_NET any -> [102.156.122.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.122.180/; sid:900612042; rev:1;) alert tcp $HOME_NET any -> [197.2.168.63] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.2.168.63/; sid:900612043; rev:1;) alert tcp $HOME_NET any -> [85.49.15.245] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.49.15.245/; sid:900612044; rev:1;) alert tcp $HOME_NET any -> [89.90.151.12] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.90.151.12/; sid:900612045; rev:1;) alert tcp $HOME_NET any -> [51.83.248.28] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.248.28/; sid:900612046; rev:1;) alert tcp $HOME_NET any -> [192.236.199.191] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.199.191/; sid:900612047; rev:1;) alert tcp $HOME_NET any -> [95.249.6.218] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.249.6.218/; sid:900612048; rev:1;) alert tcp $HOME_NET any -> [172.93.201.207] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.93.201.207/; sid:900612049; rev:1;) alert tcp $HOME_NET any -> [192.254.79.100] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.254.79.100/; sid:900612050; rev:1;) alert tcp $HOME_NET any -> [173.184.44.185] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.184.44.185/; sid:900612051; rev:1;) alert tcp $HOME_NET any -> [2.50.16.10] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.16.10/; sid:900612052; rev:1;) alert tcp $HOME_NET any -> [197.0.185.62] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.0.185.62/; sid:900612053; rev:1;) alert tcp $HOME_NET any -> [65.94.85.74] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.94.85.74/; sid:900612054; rev:1;) alert tcp $HOME_NET any -> [175.139.205.73] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.139.205.73/; sid:900612055; rev:1;) alert tcp $HOME_NET any -> [24.69.137.232] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.69.137.232/; sid:900612056; rev:1;) alert tcp $HOME_NET any -> [75.106.110.100] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.106.110.100/; sid:900612057; rev:1;) alert tcp $HOME_NET any -> [142.11.206.112] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.206.112/; sid:900612058; rev:1;) alert tcp $HOME_NET any -> [172.93.201.2] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.93.201.2/; sid:900612059; rev:1;) alert tcp $HOME_NET any -> [198.98.50.197] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.50.197/; sid:900612060; rev:1;) alert tcp $HOME_NET any -> [209.141.46.67] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.46.67/; sid:900612061; rev:1;) alert tcp $HOME_NET any -> [41.62.56.60] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.62.56.60/; sid:900612063; rev:1;) alert tcp $HOME_NET any -> [105.184.103.151] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.103.151/; sid:900612064; rev:1;) alert tcp $HOME_NET any -> [71.104.102.13] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.104.102.13/; sid:900612065; rev:1;) alert tcp $HOME_NET any -> [217.128.147.6] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.128.147.6/; sid:900612066; rev:1;) alert tcp $HOME_NET any -> [82.127.153.75] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.127.153.75/; sid:900612067; rev:1;) alert tcp $HOME_NET any -> [83.110.223.102] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.223.102/; sid:900612068; rev:1;) alert tcp $HOME_NET any -> [31.53.29.232] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.29.232/; sid:900612069; rev:1;) alert tcp $HOME_NET any -> [151.62.196.56] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.62.196.56/; sid:900612070; rev:1;) alert tcp $HOME_NET any -> [86.250.12.86] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.250.12.86/; sid:900612071; rev:1;) alert tcp $HOME_NET any -> [102.156.59.194] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.59.194/; sid:900612072; rev:1;) alert tcp $HOME_NET any -> [70.51.137.58] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.137.58/; sid:900612073; rev:1;) alert tcp $HOME_NET any -> [174.118.68.176] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.118.68.176/; sid:900612074; rev:1;) alert tcp $HOME_NET any -> [46.24.47.206] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.24.47.206/; sid:900612075; rev:1;) alert tcp $HOME_NET any -> [41.62.157.106] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.62.157.106/; sid:900612076; rev:1;) alert tcp $HOME_NET any -> [31.50.179.221] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.50.179.221/; sid:900612077; rev:1;) alert tcp $HOME_NET any -> [146.70.149.40] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.149.40/; sid:900612078; rev:1;) alert tcp $HOME_NET any -> [87.67.214.236] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.67.214.236/; sid:900612079; rev:1;) alert tcp $HOME_NET any -> [146.19.173.76] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.19.173.76/; sid:900612080; rev:1;) alert tcp $HOME_NET any -> [8.222.227.103] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.222.227.103/; sid:900612081; rev:1;) alert tcp $HOME_NET any -> [92.188.241.102] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.188.241.102/; sid:900612082; rev:1;) alert tcp $HOME_NET any -> [86.140.160.231] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.140.160.231/; sid:900612083; rev:1;) alert tcp $HOME_NET any -> [86.130.9.128] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.128/; sid:900612084; rev:1;) alert tcp $HOME_NET any -> [102.156.133.23] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.133.23/; sid:900612085; rev:1;) alert tcp $HOME_NET any -> [31.53.29.198] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.29.198/; sid:900612086; rev:1;) alert tcp $HOME_NET any -> [102.157.31.224] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.157.31.224/; sid:900612087; rev:1;) alert tcp $HOME_NET any -> [109.218.108.3] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.218.108.3/; sid:900612088; rev:1;) alert tcp $HOME_NET any -> [87.220.204.177] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.220.204.177/; sid:900612089; rev:1;) alert tcp $HOME_NET any -> [92.97.119.138] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.97.119.138/; sid:900612090; rev:1;) alert tcp $HOME_NET any -> [46.24.47.243] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.24.47.243/; sid:900612091; rev:1;) alert tcp $HOME_NET any -> [103.123.223.171] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.123.223.171/; sid:900612092; rev:1;) alert tcp $HOME_NET any -> [78.16.206.86] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.16.206.86/; sid:900612093; rev:1;) alert tcp $HOME_NET any -> [171.96.204.242] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.96.204.242/; sid:900612094; rev:1;) alert tcp $HOME_NET any -> [217.165.234.249] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.234.249/; sid:900612095; rev:1;) alert tcp $HOME_NET any -> [62.35.230.21] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.35.230.21/; sid:900612096; rev:1;) alert tcp $HOME_NET any -> [99.230.89.236] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.230.89.236/; sid:900612097; rev:1;) alert tcp $HOME_NET any -> [193.253.53.157] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.253.53.157/; sid:900612098; rev:1;) alert tcp $HOME_NET any -> [109.50.128.59] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.50.128.59/; sid:900612099; rev:1;) alert tcp $HOME_NET any -> [102.158.70.210] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.158.70.210/; sid:900612100; rev:1;) alert tcp $HOME_NET any -> [99.230.89.236] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.230.89.236/; sid:900612101; rev:1;) alert tcp $HOME_NET any -> [71.78.95.86] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.95.86/; sid:900612102; rev:1;) alert tcp $HOME_NET any -> [77.124.5.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.124.5.149/; sid:900612103; rev:1;) alert tcp $HOME_NET any -> [217.44.108.89] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.44.108.89/; sid:900612104; rev:1;) alert tcp $HOME_NET any -> [109.159.119.82] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.159.119.82/; sid:900612105; rev:1;) alert tcp $HOME_NET any -> [73.0.34.177] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.0.34.177/; sid:900612106; rev:1;) alert tcp $HOME_NET any -> [81.240.235.122] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.240.235.122/; sid:900612107; rev:1;) alert tcp $HOME_NET any -> [151.55.186.41] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.55.186.41/; sid:900612108; rev:1;) alert tcp $HOME_NET any -> [197.2.126.19] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.2.126.19/; sid:900612109; rev:1;) alert tcp $HOME_NET any -> [94.59.122.53] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.122.53/; sid:900612110; rev:1;) alert tcp $HOME_NET any -> [98.19.224.125] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.19.224.125/; sid:900612111; rev:1;) alert tcp $HOME_NET any -> [98.176.5.56] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.176.5.56/; sid:900612112; rev:1;) alert tcp $HOME_NET any -> [220.240.15.200] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.240.15.200/; sid:900612113; rev:1;) alert tcp $HOME_NET any -> [102.157.51.147] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.157.51.147/; sid:900612114; rev:1;) alert tcp $HOME_NET any -> [71.34.185.40] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.34.185.40/; sid:900612115; rev:1;) alert tcp $HOME_NET any -> [197.1.253.66] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.1.253.66/; sid:900612116; rev:1;) alert tcp $HOME_NET any -> [88.168.199.84] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.168.199.84/; sid:900612117; rev:1;) alert tcp $HOME_NET any -> [85.104.105.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.105.67/; sid:900612118; rev:1;) alert tcp $HOME_NET any -> [5.30.216.183] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.30.216.183/; sid:900612119; rev:1;) alert tcp $HOME_NET any -> [202.184.123.13] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.184.123.13/; sid:900612120; rev:1;) alert tcp $HOME_NET any -> [45.32.37.109] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.32.37.109/; sid:900612121; rev:1;) alert tcp $HOME_NET any -> [123.3.240.16] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.3.240.16/; sid:900612122; rev:1;) alert tcp $HOME_NET any -> [85.53.128.200] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.53.128.200/; sid:900612123; rev:1;) alert tcp $HOME_NET any -> [91.82.3.239] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.82.3.239/; sid:900612124; rev:1;) alert tcp $HOME_NET any -> [69.114.91.79] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.114.91.79/; sid:900612125; rev:1;) alert tcp $HOME_NET any -> [63.140.106.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.140.106.180/; sid:900612126; rev:1;) alert tcp $HOME_NET any -> [63.140.106.181] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.140.106.181/; sid:900612127; rev:1;) alert tcp $HOME_NET any -> [76.185.132.46] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.185.132.46/; sid:900612128; rev:1;) alert tcp $HOME_NET any -> [63.140.106.182] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.140.106.182/; sid:900612129; rev:1;) alert tcp $HOME_NET any -> [63.140.106.183] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.140.106.183/; sid:900612130; rev:1;) alert tcp $HOME_NET any -> [207.204.111.236] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.204.111.236/; sid:900612131; rev:1;) alert tcp $HOME_NET any -> [74.12.245.63] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.245.63/; sid:900612132; rev:1;) alert tcp $HOME_NET any -> [76.64.99.251] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.64.99.251/; sid:900612133; rev:1;) alert tcp $HOME_NET any -> [209.243.10.63] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.243.10.63/; sid:900612134; rev:1;) alert tcp $HOME_NET any -> [76.16.49.134] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.16.49.134/; sid:900612135; rev:1;) alert tcp $HOME_NET any -> [12.20.0.235] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.20.0.235/; sid:900612136; rev:1;) alert tcp $HOME_NET any -> [70.118.31.26] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.118.31.26/; sid:900612137; rev:1;) alert tcp $HOME_NET any -> [66.35.125.74] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.35.125.74/; sid:900612138; rev:1;) alert tcp $HOME_NET any -> [70.29.123.54] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.29.123.54/; sid:900612139; rev:1;) alert tcp $HOME_NET any -> [108.190.115.159] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.190.115.159/; sid:900612140; rev:1;) alert tcp $HOME_NET any -> [179.158.101.198] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.158.101.198/; sid:900612141; rev:1;) alert tcp $HOME_NET any -> [188.83.251.100] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.83.251.100/; sid:900612142; rev:1;) alert tcp $HOME_NET any -> [86.98.17.95] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.17.95/; sid:900612143; rev:1;) alert tcp $HOME_NET any -> [67.10.9.125] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.10.9.125/; sid:900612144; rev:1;) alert tcp $HOME_NET any -> [151.65.214.218] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.65.214.218/; sid:900612145; rev:1;) alert tcp $HOME_NET any -> [186.64.67.41] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.41/; sid:900612146; rev:1;) alert tcp $HOME_NET any -> [69.157.243.204] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.157.243.204/; sid:900612147; rev:1;) alert tcp $HOME_NET any -> [67.70.122.196] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.70.122.196/; sid:900612148; rev:1;) alert tcp $HOME_NET any -> [45.2.61.181] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.2.61.181/; sid:900612149; rev:1;) alert tcp $HOME_NET any -> [85.105.207.126] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.207.126/; sid:900612150; rev:1;) alert tcp $HOME_NET any -> [86.130.9.208] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.208/; sid:900612151; rev:1;) alert tcp $HOME_NET any -> [88.249.231.161] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.249.231.161/; sid:900612152; rev:1;) alert tcp $HOME_NET any -> [70.160.67.203] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.160.67.203/; sid:900612153; rev:1;) alert tcp $HOME_NET any -> [2.49.63.193] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.49.63.193/; sid:900612154; rev:1;) alert tcp $HOME_NET any -> [81.224.201.143] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.224.201.143/; sid:900612155; rev:1;) alert tcp $HOME_NET any -> [207.107.71.48] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.107.71.48/; sid:900612156; rev:1;) alert tcp $HOME_NET any -> [207.107.71.50] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.107.71.50/; sid:900612157; rev:1;) alert tcp $HOME_NET any -> [207.107.71.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.107.71.53/; sid:900612158; rev:1;) alert tcp $HOME_NET any -> [207.107.71.52] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.107.71.52/; sid:900612159; rev:1;) alert tcp $HOME_NET any -> [207.107.71.55] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.107.71.55/; sid:900612160; rev:1;) alert tcp $HOME_NET any -> [207.107.118.2] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.107.118.2/; sid:900612161; rev:1;) alert tcp $HOME_NET any -> [41.227.211.88] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.227.211.88/; sid:900612162; rev:1;) alert tcp $HOME_NET any -> [73.41.215.237] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.41.215.237/; sid:900612163; rev:1;) alert tcp $HOME_NET any -> [47.16.75.99] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.16.75.99/; sid:900612164; rev:1;) alert tcp $HOME_NET any -> [207.107.71.51] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.107.71.51/; sid:900612165; rev:1;) alert tcp $HOME_NET any -> [207.107.71.54] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.107.71.54/; sid:900612166; rev:1;) alert tcp $HOME_NET any -> [201.208.135.167] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.208.135.167/; sid:900612167; rev:1;) alert tcp $HOME_NET any -> [70.51.136.238] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.136.238/; sid:900612168; rev:1;) alert tcp $HOME_NET any -> [86.215.62.128] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.215.62.128/; sid:900612169; rev:1;) alert tcp $HOME_NET any -> [173.24.83.160] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.24.83.160/; sid:900612170; rev:1;) alert tcp $HOME_NET any -> [68.14.195.55] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.14.195.55/; sid:900612171; rev:1;) alert tcp $HOME_NET any -> [86.9.70.158] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.9.70.158/; sid:900612172; rev:1;) alert tcp $HOME_NET any -> [197.2.238.177] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.2.238.177/; sid:900612173; rev:1;) alert tcp $HOME_NET any -> [31.190.210.188] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.190.210.188/; sid:900612174; rev:1;) alert tcp $HOME_NET any -> [200.93.26.107] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.93.26.107/; sid:900612175; rev:1;) alert tcp $HOME_NET any -> [105.184.99.42] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.99.42/; sid:900612176; rev:1;) alert tcp $HOME_NET any -> [24.150.188.234] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.150.188.234/; sid:900612177; rev:1;) alert tcp $HOME_NET any -> [66.180.226.58] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.180.226.58/; sid:900612178; rev:1;) alert tcp $HOME_NET any -> [183.87.192.196] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.87.192.196/; sid:900612179; rev:1;) alert tcp $HOME_NET any -> [47.180.84.164] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.180.84.164/; sid:900612180; rev:1;) alert tcp $HOME_NET any -> [151.213.180.225] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.213.180.225/; sid:900612181; rev:1;) alert tcp $HOME_NET any -> [86.222.100.184] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.222.100.184/; sid:900612182; rev:1;) alert tcp $HOME_NET any -> [193.92.84.1] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.92.84.1/; sid:900612183; rev:1;) alert tcp $HOME_NET any -> [174.21.64.35] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.21.64.35/; sid:900612184; rev:1;) alert tcp $HOME_NET any -> [73.207.160.219] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.207.160.219/; sid:900612185; rev:1;) alert tcp $HOME_NET any -> [80.6.50.34] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.6.50.34/; sid:900612186; rev:1;) alert tcp $HOME_NET any -> [87.223.95.250] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.223.95.250/; sid:900612187; rev:1;) alert tcp $HOME_NET any -> [86.156.197.44] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.156.197.44/; sid:900612188; rev:1;) alert tcp $HOME_NET any -> [174.115.175.112] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.115.175.112/; sid:900612189; rev:1;) alert tcp $HOME_NET any -> [78.82.143.154] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.82.143.154/; sid:900612190; rev:1;) alert tcp $HOME_NET any -> [38.2.18.164] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.2.18.164/; sid:900612191; rev:1;) alert tcp $HOME_NET any -> [138.207.135.0] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.207.135.0/; sid:900612192; rev:1;) alert tcp $HOME_NET any -> [190.141.193.170] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.141.193.170/; sid:900612193; rev:1;) alert tcp $HOME_NET any -> [201.130.116.138] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.130.116.138/; sid:900612194; rev:1;) alert tcp $HOME_NET any -> [76.99.61.146] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.99.61.146/; sid:900612195; rev:1;) alert tcp $HOME_NET any -> [109.49.58.125] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.49.58.125/; sid:900612196; rev:1;) alert tcp $HOME_NET any -> [181.4.225.225] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.4.225.225/; sid:900612197; rev:1;) alert tcp $HOME_NET any -> [131.191.58.183] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.191.58.183/; sid:900612198; rev:1;) alert tcp $HOME_NET any -> [171.96.192.178] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.96.192.178/; sid:900612199; rev:1;) alert tcp $HOME_NET any -> [114.143.176.236] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.143.176.236/; sid:900612200; rev:1;) alert tcp $HOME_NET any -> [2.50.16.167] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.16.167/; sid:900612201; rev:1;) alert tcp $HOME_NET any -> [43.243.215.210] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.243.215.210/; sid:900612202; rev:1;) alert tcp $HOME_NET any -> [86.244.255.82] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.244.255.82/; sid:900612203; rev:1;) alert tcp $HOME_NET any -> [2.237.150.131] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.237.150.131/; sid:900612204; rev:1;) alert tcp $HOME_NET any -> [103.141.50.79] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.141.50.79/; sid:900612205; rev:1;) alert tcp $HOME_NET any -> [173.61.50.155] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.61.50.155/; sid:900612206; rev:1;) alert tcp $HOME_NET any -> [69.158.56.94] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.158.56.94/; sid:900612207; rev:1;) alert tcp $HOME_NET any -> [79.47.207.6] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.47.207.6/; sid:900612208; rev:1;) alert tcp $HOME_NET any -> [102.158.154.97] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.158.154.97/; sid:900612209; rev:1;) alert tcp $HOME_NET any -> [173.22.114.208] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.22.114.208/; sid:900612210; rev:1;) alert tcp $HOME_NET any -> [113.11.92.30] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.11.92.30/; sid:900612211; rev:1;) alert tcp $HOME_NET any -> [178.152.124.169] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.152.124.169/; sid:900612212; rev:1;) alert tcp $HOME_NET any -> [207.107.71.49] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.107.71.49/; sid:900612213; rev:1;) alert tcp $HOME_NET any -> [70.53.193.201] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.53.193.201/; sid:900612214; rev:1;) alert tcp $HOME_NET any -> [86.99.48.130] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.99.48.130/; sid:900612215; rev:1;) alert tcp $HOME_NET any -> [186.52.239.187] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.52.239.187/; sid:900612216; rev:1;) alert tcp $HOME_NET any -> [70.28.50.223] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.50.223/; sid:900612217; rev:1;) alert tcp $HOME_NET any -> [86.176.16.18] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.176.16.18/; sid:900612218; rev:1;) alert tcp $HOME_NET any -> [116.74.164.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.74.164.175/; sid:900612219; rev:1;) alert tcp $HOME_NET any -> [37.14.97.206] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.14.97.206/; sid:900612220; rev:1;) alert tcp $HOME_NET any -> [84.216.198.201] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.216.198.201/; sid:900612221; rev:1;) alert tcp $HOME_NET any -> [212.70.98.236] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.70.98.236/; sid:900612222; rev:1;) alert tcp $HOME_NET any -> [109.148.99.224] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.148.99.224/; sid:900612223; rev:1;) alert tcp $HOME_NET any -> [142.189.121.178] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.189.121.178/; sid:900612224; rev:1;) alert tcp $HOME_NET any -> [31.190.225.7] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.190.225.7/; sid:900612225; rev:1;) alert tcp $HOME_NET any -> [70.54.65.197] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.54.65.197/; sid:900612226; rev:1;) alert tcp $HOME_NET any -> [67.177.41.245] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.177.41.245/; sid:900612227; rev:1;) alert tcp $HOME_NET any -> [173.206.84.174] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.206.84.174/; sid:900612228; rev:1;) alert tcp $HOME_NET any -> [73.228.158.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.228.158.175/; sid:900612229; rev:1;) alert tcp $HOME_NET any -> [204.112.31.4] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.112.31.4/; sid:900612230; rev:1;) alert tcp $HOME_NET any -> [98.160.111.18] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.160.111.18/; sid:900612231; rev:1;) alert tcp $HOME_NET any -> [108.32.72.145] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.32.72.145/; sid:900612232; rev:1;) alert tcp $HOME_NET any -> [209.171.160.69] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.171.160.69/; sid:900612233; rev:1;) alert tcp $HOME_NET any -> [74.136.224.98] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.136.224.98/; sid:900612234; rev:1;) alert tcp $HOME_NET any -> [103.113.68.33] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.113.68.33/; sid:900612235; rev:1;) alert tcp $HOME_NET any -> [64.40.4.89] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.40.4.89/; sid:900612236; rev:1;) alert tcp $HOME_NET any -> [40.134.85.217] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.134.85.217/; sid:900612237; rev:1;) alert tcp $HOME_NET any -> [98.19.234.243] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.19.234.243/; sid:900612238; rev:1;) alert tcp $HOME_NET any -> [86.177.199.192] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.177.199.192/; sid:900612239; rev:1;) alert tcp $HOME_NET any -> [79.167.206.93] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.167.206.93/; sid:900612240; rev:1;) alert tcp $HOME_NET any -> [174.21.75.227] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.21.75.227/; sid:900612241; rev:1;) alert tcp $HOME_NET any -> [211.248.50.162] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.248.50.162/; sid:900612242; rev:1;) alert tcp $HOME_NET any -> [45.241.249.37] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.249.37/; sid:900612243; rev:1;) alert tcp $HOME_NET any -> [79.26.184.19] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.26.184.19/; sid:900612244; rev:1;) alert tcp $HOME_NET any -> [83.110.74.222] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.74.222/; sid:900612245; rev:1;) alert tcp $HOME_NET any -> [41.230.168.47] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.230.168.47/; sid:900612246; rev:1;) alert tcp $HOME_NET any -> [47.149.248.80] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.149.248.80/; sid:900612247; rev:1;) alert tcp $HOME_NET any -> [2.14.173.248] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.14.173.248/; sid:900612248; rev:1;) alert tcp $HOME_NET any -> [45.243.150.223] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.243.150.223/; sid:900612249; rev:1;) alert tcp $HOME_NET any -> [103.175.16.119] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.119/; sid:900612250; rev:1;) alert tcp $HOME_NET any -> [213.197.72.89] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.197.72.89/; sid:900612251; rev:1;) alert tcp $HOME_NET any -> [86.130.9.227] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.227/; sid:900612252; rev:1;) alert tcp $HOME_NET any -> [82.7.145.109] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.7.145.109/; sid:900612253; rev:1;) alert tcp $HOME_NET any -> [92.135.0.154] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.135.0.154/; sid:900612254; rev:1;) alert tcp $HOME_NET any -> [91.2.143.185] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.2.143.185/; sid:900612255; rev:1;) alert tcp $HOME_NET any -> [70.50.83.139] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.50.83.139/; sid:900612256; rev:1;) alert tcp $HOME_NET any -> [102.156.218.92] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.218.92/; sid:900612257; rev:1;) alert tcp $HOME_NET any -> [85.104.98.64] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.98.64/; sid:900612258; rev:1;) alert tcp $HOME_NET any -> [116.74.164.93] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.74.164.93/; sid:900612259; rev:1;) alert tcp $HOME_NET any -> [186.75.103.188] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.75.103.188/; sid:900612260; rev:1;) alert tcp $HOME_NET any -> [86.178.33.63] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.178.33.63/; sid:900612261; rev:1;) alert tcp $HOME_NET any -> [200.109.16.12] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.109.16.12/; sid:900612262; rev:1;) alert tcp $HOME_NET any -> [92.98.159.9] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.98.159.9/; sid:900612263; rev:1;) alert tcp $HOME_NET any -> [86.133.51.120] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.133.51.120/; sid:900612264; rev:1;) alert tcp $HOME_NET any -> [80.76.163.212] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.76.163.212/; sid:900612265; rev:1;) alert tcp $HOME_NET any -> [151.51.224.231] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.51.224.231/; sid:900612266; rev:1;) alert tcp $HOME_NET any -> [65.95.141.84] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.95.141.84/; sid:900612267; rev:1;) alert tcp $HOME_NET any -> [68.203.69.96] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.203.69.96/; sid:900612268; rev:1;) alert tcp $HOME_NET any -> [142.79.110.85] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.79.110.85/; sid:900612269; rev:1;) alert tcp $HOME_NET any -> [86.169.48.88] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.169.48.88/; sid:900612270; rev:1;) alert tcp $HOME_NET any -> [51.14.29.227] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.14.29.227/; sid:900612271; rev:1;) alert tcp $HOME_NET any -> [41.62.152.156] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.62.152.156/; sid:900612272; rev:1;) alert tcp $HOME_NET any -> [102.158.201.119] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.158.201.119/; sid:900612273; rev:1;) alert tcp $HOME_NET any -> [37.186.59.197] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.186.59.197/; sid:900612274; rev:1;) alert tcp $HOME_NET any -> [86.128.15.167] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.128.15.167/; sid:900612275; rev:1;) alert tcp $HOME_NET any -> [24.123.46.234] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.123.46.234/; sid:900612276; rev:1;) alert tcp $HOME_NET any -> [201.208.136.202] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.208.136.202/; sid:900612277; rev:1;) alert tcp $HOME_NET any -> [105.101.53.126] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.101.53.126/; sid:900612278; rev:1;) alert tcp $HOME_NET any -> [65.95.141.84] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.95.141.84/; sid:900612279; rev:1;) alert tcp $HOME_NET any -> [184.181.75.148] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.181.75.148/; sid:900612280; rev:1;) alert tcp $HOME_NET any -> [78.19.1.196] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.19.1.196/; sid:900612281; rev:1;) alert tcp $HOME_NET any -> [99.251.67.229] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.251.67.229/; sid:900612282; rev:1;) alert tcp $HOME_NET any -> [142.181.206.222] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.181.206.222/; sid:900612283; rev:1;) alert tcp $HOME_NET any -> [97.80.93.207] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.80.93.207/; sid:900612284; rev:1;) alert tcp $HOME_NET any -> [68.227.249.138] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.227.249.138/; sid:900612285; rev:1;) alert tcp $HOME_NET any -> [85.104.94.30] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.94.30/; sid:900612286; rev:1;) alert tcp $HOME_NET any -> [69.114.94.211] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.114.94.211/; sid:900612287; rev:1;) alert tcp $HOME_NET any -> [2.50.48.191] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.48.191/; sid:900612288; rev:1;) alert tcp $HOME_NET any -> [78.100.242.45] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.242.45/; sid:900612289; rev:1;) alert tcp $HOME_NET any -> [197.92.141.173] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.92.141.173/; sid:900612290; rev:1;) alert tcp $HOME_NET any -> [206.163.237.124] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.163.237.124/; sid:900612291; rev:1;) alert tcp $HOME_NET any -> [86.97.70.4] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.70.4/; sid:900612292; rev:1;) alert tcp $HOME_NET any -> [86.176.152.108] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.176.152.108/; sid:900612293; rev:1;) alert tcp $HOME_NET any -> [92.136.178.51] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.136.178.51/; sid:900612294; rev:1;) alert tcp $HOME_NET any -> [86.176.144.144] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.176.144.144/; sid:900612295; rev:1;) alert tcp $HOME_NET any -> [80.76.163.187] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.76.163.187/; sid:900612296; rev:1;) alert tcp $HOME_NET any -> [67.70.119.49] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.70.119.49/; sid:900612297; rev:1;) alert tcp $HOME_NET any -> [200.93.14.173] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.93.14.173/; sid:900612298; rev:1;) alert tcp $HOME_NET any -> [38.69.136.177] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.69.136.177/; sid:900612299; rev:1;) alert tcp $HOME_NET any -> [2.14.104.108] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.14.104.108/; sid:900612300; rev:1;) alert tcp $HOME_NET any -> [73.226.175.11] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.226.175.11/; sid:900612301; rev:1;) alert tcp $HOME_NET any -> [89.36.206.188] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.36.206.188/; sid:900612302; rev:1;) alert tcp $HOME_NET any -> [31.53.29.136] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.29.136/; sid:900612303; rev:1;) alert tcp $HOME_NET any -> [190.11.198.77] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.11.198.77/; sid:900612304; rev:1;) alert tcp $HOME_NET any -> [83.110.223.61] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.223.61/; sid:900612305; rev:1;) alert tcp $HOME_NET any -> [194.135.33.160] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.135.33.160/; sid:900612306; rev:1;) alert tcp $HOME_NET any -> [91.235.234.199] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.234.199/; sid:900612307; rev:1;) alert tcp $HOME_NET any -> [192.236.233.8] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.236.233.8/; sid:900612308; rev:1;) alert tcp $HOME_NET any -> [205.185.119.60] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.185.119.60/; sid:900612309; rev:1;) alert tcp $HOME_NET any -> [142.11.193.243] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.193.243/; sid:900612310; rev:1;) alert tcp $HOME_NET any -> [92.119.178.40] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.119.178.40/; sid:900612311; rev:1;) alert tcp $HOME_NET any -> [103.175.16.151] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.175.16.151/; sid:900612312; rev:1;) alert tcp $HOME_NET any -> [190.11.198.78] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.11.198.78/; sid:900612313; rev:1;) alert tcp $HOME_NET any -> [79.168.224.165] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.168.224.165/; sid:900612314; rev:1;) alert tcp $HOME_NET any -> [24.198.114.130] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.198.114.130/; sid:900612315; rev:1;) alert tcp $HOME_NET any -> [213.64.33.61] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.64.33.61/; sid:900612316; rev:1;) alert tcp $HOME_NET any -> [66.180.226.67] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.180.226.67/; sid:900612317; rev:1;) alert tcp $HOME_NET any -> [223.166.13.95] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/223.166.13.95/; sid:900612318; rev:1;) alert tcp $HOME_NET any -> [70.50.1.252] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.50.1.252/; sid:900612319; rev:1;) alert tcp $HOME_NET any -> [103.141.50.43] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.141.50.43/; sid:900612320; rev:1;) alert tcp $HOME_NET any -> [90.164.29.160] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.164.29.160/; sid:900612321; rev:1;) alert tcp $HOME_NET any -> [68.68.162.18] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.68.162.18/; sid:900612322; rev:1;) alert tcp $HOME_NET any -> [70.29.123.104] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.29.123.104/; sid:900612323; rev:1;) alert tcp $HOME_NET any -> [86.132.236.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.132.236.117/; sid:900612324; rev:1;) alert tcp $HOME_NET any -> [151.21.131.118] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.21.131.118/; sid:900612325; rev:1;) alert tcp $HOME_NET any -> [47.16.75.156] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.16.75.156/; sid:900612326; rev:1;) alert tcp $HOME_NET any -> [45.246.236.229] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.246.236.229/; sid:900612327; rev:1;) alert tcp $HOME_NET any -> [92.97.115.117] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.97.115.117/; sid:900612328; rev:1;) alert tcp $HOME_NET any -> [220.240.164.182] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.240.164.182/; sid:900612329; rev:1;) alert tcp $HOME_NET any -> [69.159.157.194] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.159.157.194/; sid:900612330; rev:1;) alert tcp $HOME_NET any -> [197.161.134.140] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.161.134.140/; sid:900612331; rev:1;) alert tcp $HOME_NET any -> [197.204.93.169] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.204.93.169/; sid:900612332; rev:1;) alert tcp $HOME_NET any -> [75.90.81.22] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.90.81.22/; sid:900612333; rev:1;) alert tcp $HOME_NET any -> [129.153.135.83] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.153.135.83/; sid:900612334; rev:1;) alert tcp $HOME_NET any -> [132.148.79.222] 2222 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.148.79.222/; sid:900612335; rev:1;) alert tcp $HOME_NET any -> [45.154.24.57] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.154.24.57/; sid:900612336; rev:1;) alert tcp $HOME_NET any -> [45.85.235.39] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.85.235.39/; sid:900612337; rev:1;) alert tcp $HOME_NET any -> [129.153.22.231] 32999 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.153.22.231/; sid:900612338; rev:1;) alert tcp $HOME_NET any -> [129.213.54.49] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.213.54.49/; sid:900612339; rev:1;) alert tcp $HOME_NET any -> [129.80.164.200] 32999 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.80.164.200/; sid:900612340; rev:1;) alert tcp $HOME_NET any -> [144.172.126.136] 2222 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.172.126.136/; sid:900612341; rev:1;) alert tcp $HOME_NET any -> [185.87.148.132] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.87.148.132/; sid:900612342; rev:1;) alert tcp $HOME_NET any -> [193.122.200.171] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.122.200.171/; sid:900612343; rev:1;) alert tcp $HOME_NET any -> [132.148.73.117] 2222 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.148.73.117/; sid:900612345; rev:1;) alert tcp $HOME_NET any -> [89.116.131.40] 2222 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.116.131.40/; sid:900612346; rev:1;) alert tcp $HOME_NET any -> [209.140.8.14] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.140.8.14/; sid:900612347; rev:1;) alert tcp $HOME_NET any -> [161.142.103.148] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.103.148/; sid:900612348; rev:1;) alert tcp $HOME_NET any -> [107.189.6.147] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.189.6.147/; sid:900612349; rev:1;) alert tcp $HOME_NET any -> [199.195.251.244] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.195.251.244/; sid:900612350; rev:1;) alert tcp $HOME_NET any -> [200.44.192.169] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.44.192.169/; sid:900612351; rev:1;) alert tcp $HOME_NET any -> [185.164.186.150] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.186.150/; sid:900612352; rev:1;) alert tcp $HOME_NET any -> [35.143.97.141] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/35.143.97.141/; sid:900612353; rev:1;) alert tcp $HOME_NET any -> [105.102.98.225] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.102.98.225/; sid:900612354; rev:1;) alert tcp $HOME_NET any -> [86.248.228.57] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.248.228.57/; sid:900612355; rev:1;) alert tcp $HOME_NET any -> [142.196.109.179] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.196.109.179/; sid:900612356; rev:1;) alert tcp $HOME_NET any -> [186.64.67.5] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.5/; sid:900612357; rev:1;) alert tcp $HOME_NET any -> [212.169.233.141] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.169.233.141/; sid:900612358; rev:1;) alert tcp $HOME_NET any -> [102.159.61.87] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.159.61.87/; sid:900612359; rev:1;) alert tcp $HOME_NET any -> [197.1.147.157] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.1.147.157/; sid:900612360; rev:1;) alert tcp $HOME_NET any -> [186.75.95.6] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.75.95.6/; sid:900612361; rev:1;) alert tcp $HOME_NET any -> [90.1.23.9] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.1.23.9/; sid:900612362; rev:1;) alert tcp $HOME_NET any -> [41.227.190.59] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.227.190.59/; sid:900612363; rev:1;) alert tcp $HOME_NET any -> [190.249.250.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.249.250.149/; sid:900612364; rev:1;) alert tcp $HOME_NET any -> [94.207.104.225] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.207.104.225/; sid:900612365; rev:1;) alert tcp $HOME_NET any -> [103.123.223.133] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.123.223.133/; sid:900612366; rev:1;) alert tcp $HOME_NET any -> [193.80.73.200] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.80.73.200/; sid:900612367; rev:1;) alert tcp $HOME_NET any -> [31.17.195.13] 8443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.17.195.13/; sid:900612368; rev:1;) alert tcp $HOME_NET any -> [41.62.219.235] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.62.219.235/; sid:900612369; rev:1;) alert tcp $HOME_NET any -> [203.109.44.236] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.109.44.236/; sid:900612370; rev:1;) alert tcp $HOME_NET any -> [142.118.221.248] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.118.221.248/; sid:900612371; rev:1;) alert tcp $HOME_NET any -> [23.191.129.153] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.191.129.153/; sid:900612372; rev:1;) alert tcp $HOME_NET any -> [41.228.201.107] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.228.201.107/; sid:900612373; rev:1;) alert tcp $HOME_NET any -> [86.178.33.62] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.178.33.62/; sid:900612374; rev:1;) alert tcp $HOME_NET any -> [151.62.42.163] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.62.42.163/; sid:900612375; rev:1;) alert tcp $HOME_NET any -> [90.29.86.138] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.29.86.138/; sid:900612376; rev:1;) alert tcp $HOME_NET any -> [176.241.61.213] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.241.61.213/; sid:900612377; rev:1;) alert tcp $HOME_NET any -> [101.184.170.38] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.184.170.38/; sid:900612378; rev:1;) alert tcp $HOME_NET any -> [151.62.35.45] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.62.35.45/; sid:900612379; rev:1;) alert tcp $HOME_NET any -> [86.130.9.242] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.242/; sid:900612380; rev:1;) alert tcp $HOME_NET any -> [95.45.50.93] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.45.50.93/; sid:900612381; rev:1;) alert tcp $HOME_NET any -> [197.1.196.34] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.1.196.34/; sid:900612382; rev:1;) alert tcp $HOME_NET any -> [76.185.109.16] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.185.109.16/; sid:900612383; rev:1;) alert tcp $HOME_NET any -> [86.97.52.82] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.52.82/; sid:900612384; rev:1;) alert tcp $HOME_NET any -> [116.74.164.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.74.164.53/; sid:900612385; rev:1;) alert tcp $HOME_NET any -> [205.237.67.69] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.237.67.69/; sid:900612386; rev:1;) alert tcp $HOME_NET any -> [105.101.83.60] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.101.83.60/; sid:900612387; rev:1;) alert tcp $HOME_NET any -> [66.35.125.199] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.35.125.199/; sid:900612388; rev:1;) alert tcp $HOME_NET any -> [190.199.228.254] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.199.228.254/; sid:900612389; rev:1;) alert tcp $HOME_NET any -> [78.87.244.147] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.87.244.147/; sid:900612390; rev:1;) alert tcp $HOME_NET any -> [154.20.252.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.20.252.31/; sid:900612391; rev:1;) alert tcp $HOME_NET any -> [41.228.57.242] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.228.57.242/; sid:900612392; rev:1;) alert tcp $HOME_NET any -> [104.245.157.114] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.245.157.114/; sid:900612393; rev:1;) alert tcp $HOME_NET any -> [90.7.72.46] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.7.72.46/; sid:900612394; rev:1;) alert tcp $HOME_NET any -> [67.21.33.208] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.21.33.208/; sid:900612395; rev:1;) alert tcp $HOME_NET any -> [70.48.46.235] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.48.46.235/; sid:900612396; rev:1;) alert tcp $HOME_NET any -> [78.160.146.127] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.160.146.127/; sid:900612397; rev:1;) alert tcp $HOME_NET any -> [105.101.34.87] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.101.34.87/; sid:900612398; rev:1;) alert tcp $HOME_NET any -> [66.180.234.51] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.180.234.51/; sid:900612399; rev:1;) alert tcp $HOME_NET any -> [190.75.158.216] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.75.158.216/; sid:900612400; rev:1;) alert tcp $HOME_NET any -> [89.36.206.69] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.36.206.69/; sid:900612401; rev:1;) alert tcp $HOME_NET any -> [161.142.103.187] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.103.187/; sid:900612402; rev:1;) alert tcp $HOME_NET any -> [91.134.126.43] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.134.126.43/; sid:900612403; rev:1;) alert tcp $HOME_NET any -> [85.215.162.167] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.215.162.167/; sid:900612404; rev:1;) alert tcp $HOME_NET any -> [154.80.229.112] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.80.229.112/; sid:900612405; rev:1;) alert tcp $HOME_NET any -> [103.151.20.137] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.151.20.137/; sid:900612406; rev:1;) alert tcp $HOME_NET any -> [197.0.76.189] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.0.76.189/; sid:900612407; rev:1;) alert tcp $HOME_NET any -> [105.101.60.253] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.101.60.253/; sid:900612408; rev:1;) alert tcp $HOME_NET any -> [209.141.57.123] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.57.123/; sid:900612409; rev:1;) alert tcp $HOME_NET any -> [154.80.229.105] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.80.229.105/; sid:900612410; rev:1;) alert tcp $HOME_NET any -> [174.118.54.57] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.118.54.57/; sid:900612411; rev:1;) alert tcp $HOME_NET any -> [190.199.152.233] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.199.152.233/; sid:900612412; rev:1;) alert tcp $HOME_NET any -> [86.98.22.242] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.22.242/; sid:900612413; rev:1;) alert tcp $HOME_NET any -> [186.64.67.30] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.30/; sid:900612414; rev:1;) alert tcp $HOME_NET any -> [154.80.229.76] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.80.229.76/; sid:900612415; rev:1;) alert tcp $HOME_NET any -> [151.62.238.176] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.62.238.176/; sid:900612416; rev:1;) alert tcp $HOME_NET any -> [109.150.179.202] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.150.179.202/; sid:900612417; rev:1;) alert tcp $HOME_NET any -> [31.190.73.114] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.190.73.114/; sid:900612418; rev:1;) alert tcp $HOME_NET any -> [82.125.44.236] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.125.44.236/; sid:900612419; rev:1;) alert tcp $HOME_NET any -> [86.176.157.39] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.176.157.39/; sid:900612420; rev:1;) alert tcp $HOME_NET any -> [85.57.212.13] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.57.212.13/; sid:900612421; rev:1;) alert tcp $HOME_NET any -> [124.122.47.148] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.122.47.148/; sid:900612422; rev:1;) alert tcp $HOME_NET any -> [102.159.188.125] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.159.188.125/; sid:900612423; rev:1;) alert tcp $HOME_NET any -> [82.131.141.209] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.131.141.209/; sid:900612424; rev:1;) alert tcp $HOME_NET any -> [86.97.55.89] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.55.89/; sid:900612425; rev:1;) alert tcp $HOME_NET any -> [69.158.122.202] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.158.122.202/; sid:900612426; rev:1;) alert tcp $HOME_NET any -> [67.177.42.38] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.177.42.38/; sid:900612427; rev:1;) alert tcp $HOME_NET any -> [86.173.2.12] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.173.2.12/; sid:900612428; rev:1;) alert tcp $HOME_NET any -> [109.50.149.241] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.50.149.241/; sid:900612429; rev:1;) alert tcp $HOME_NET any -> [103.221.68.250] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.221.68.250/; sid:900612430; rev:1;) alert tcp $HOME_NET any -> [108.61.159.44] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.61.159.44/; sid:900612431; rev:1;) alert tcp $HOME_NET any -> [24.177.111.159] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.177.111.159/; sid:900612432; rev:1;) alert tcp $HOME_NET any -> [151.65.167.77] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.65.167.77/; sid:900612433; rev:1;) alert tcp $HOME_NET any -> [70.49.205.198] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.49.205.198/; sid:900612434; rev:1;) alert tcp $HOME_NET any -> [199.27.66.213] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.27.66.213/; sid:900612435; rev:1;) alert tcp $HOME_NET any -> [83.249.198.100] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.249.198.100/; sid:900612436; rev:1;) alert tcp $HOME_NET any -> [67.70.120.249] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.70.120.249/; sid:900612437; rev:1;) alert tcp $HOME_NET any -> [180.151.229.230] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.151.229.230/; sid:900612438; rev:1;) alert tcp $HOME_NET any -> [165.120.169.171] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.120.169.171/; sid:900612439; rev:1;) alert tcp $HOME_NET any -> [200.84.200.20] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.84.200.20/; sid:900612440; rev:1;) alert tcp $HOME_NET any -> [201.143.215.69] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.143.215.69/; sid:900612441; rev:1;) alert tcp $HOME_NET any -> [161.129.37.43] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.129.37.43/; sid:900612442; rev:1;) alert tcp $HOME_NET any -> [103.139.242.6] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.139.242.6/; sid:900612443; rev:1;) alert tcp $HOME_NET any -> [24.234.220.88] 990 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.234.220.88/; sid:900612444; rev:1;) alert tcp $HOME_NET any -> [24.234.220.88] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.234.220.88/; sid:900612445; rev:1;) alert tcp $HOME_NET any -> [94.204.232.135] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.204.232.135/; sid:900612446; rev:1;) alert tcp $HOME_NET any -> [24.234.220.88] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.234.220.88/; sid:900612447; rev:1;) alert tcp $HOME_NET any -> [102.159.223.197] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.159.223.197/; sid:900612448; rev:1;) alert tcp $HOME_NET any -> [24.234.220.88] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.234.220.88/; sid:900612449; rev:1;) alert tcp $HOME_NET any -> [31.190.249.212] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.190.249.212/; sid:900612450; rev:1;) alert tcp $HOME_NET any -> [78.18.105.11] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.18.105.11/; sid:900612451; rev:1;) alert tcp $HOME_NET any -> [116.120.145.170] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.120.145.170/; sid:900612452; rev:1;) alert tcp $HOME_NET any -> [213.55.33.103] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.55.33.103/; sid:900612453; rev:1;) alert tcp $HOME_NET any -> [89.32.156.5] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.156.5/; sid:900612454; rev:1;) alert tcp $HOME_NET any -> [103.101.203.177] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.101.203.177/; sid:900612455; rev:1;) alert tcp $HOME_NET any -> [45.243.142.31] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.243.142.31/; sid:900612456; rev:1;) alert tcp $HOME_NET any -> [80.167.196.79] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.167.196.79/; sid:900612457; rev:1;) alert tcp $HOME_NET any -> [24.234.220.88] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.234.220.88/; sid:900612458; rev:1;) alert tcp $HOME_NET any -> [94.204.202.106] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.204.202.106/; sid:900612459; rev:1;) alert tcp $HOME_NET any -> [100.4.163.158] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.4.163.158/; sid:900612460; rev:1;) alert tcp $HOME_NET any -> [77.126.99.230] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.126.99.230/; sid:900612461; rev:1;) alert tcp $HOME_NET any -> [70.50.83.216] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.50.83.216/; sid:900612462; rev:1;) alert tcp $HOME_NET any -> [45.62.70.33] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.62.70.33/; sid:900612463; rev:1;) alert tcp $HOME_NET any -> [116.74.163.130] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.74.163.130/; sid:900612464; rev:1;) alert tcp $HOME_NET any -> [69.160.121.6] 61201 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.160.121.6/; sid:900612465; rev:1;) alert tcp $HOME_NET any -> [213.64.33.92] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.64.33.92/; sid:900612466; rev:1;) alert tcp $HOME_NET any -> [125.63.125.205] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.63.125.205/; sid:900612467; rev:1;) alert tcp $HOME_NET any -> [103.144.201.48] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.201.48/; sid:900612468; rev:1;) alert tcp $HOME_NET any -> [2.49.63.160] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.49.63.160/; sid:900612469; rev:1;) alert tcp $HOME_NET any -> [174.118.54.127] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.118.54.127/; sid:900612470; rev:1;) alert tcp $HOME_NET any -> [92.98.55.221] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.98.55.221/; sid:900612471; rev:1;) alert tcp $HOME_NET any -> [31.53.29.235] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.29.235/; sid:900612472; rev:1;) alert tcp $HOME_NET any -> [117.195.17.148] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.195.17.148/; sid:900612473; rev:1;) alert tcp $HOME_NET any -> [87.252.106.39] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.252.106.39/; sid:900612474; rev:1;) alert tcp $HOME_NET any -> [87.221.153.182] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.221.153.182/; sid:900612475; rev:1;) alert tcp $HOME_NET any -> [93.187.148.45] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.187.148.45/; sid:900612476; rev:1;) alert tcp $HOME_NET any -> [116.75.63.183] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.75.63.183/; sid:900612477; rev:1;) alert tcp $HOME_NET any -> [93.187.148.45] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.187.148.45/; sid:900612478; rev:1;) alert tcp $HOME_NET any -> [180.151.19.13] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.151.19.13/; sid:900612479; rev:1;) alert tcp $HOME_NET any -> [200.84.211.255] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.84.211.255/; sid:900612480; rev:1;) alert tcp $HOME_NET any -> [66.241.183.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.241.183.99/; sid:900612481; rev:1;) alert tcp $HOME_NET any -> [121.121.108.120] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.121.108.120/; sid:900612482; rev:1;) alert tcp $HOME_NET any -> [47.16.67.55] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.16.67.55/; sid:900612483; rev:1;) alert tcp $HOME_NET any -> [86.168.210.41] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.168.210.41/; sid:900612484; rev:1;) alert tcp $HOME_NET any -> [45.62.75.250] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.62.75.250/; sid:900612485; rev:1;) alert tcp $HOME_NET any -> [76.68.170.211] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.68.170.211/; sid:900612486; rev:1;) alert tcp $HOME_NET any -> [206.126.215.9] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.126.215.9/; sid:900612487; rev:1;) alert tcp $HOME_NET any -> [86.173.89.93] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.173.89.93/; sid:900612488; rev:1;) alert tcp $HOME_NET any -> [45.241.254.76] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.241.254.76/; sid:900612489; rev:1;) alert tcp $HOME_NET any -> [70.29.122.116] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.29.122.116/; sid:900612490; rev:1;) alert tcp $HOME_NET any -> [74.12.146.221] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.221/; sid:900612491; rev:1;) alert tcp $HOME_NET any -> [67.70.21.62] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.70.21.62/; sid:900612492; rev:1;) alert tcp $HOME_NET any -> [175.156.217.7] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.156.217.7/; sid:900612493; rev:1;) alert tcp $HOME_NET any -> [74.12.146.221] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.221/; sid:900612494; rev:1;) alert tcp $HOME_NET any -> [90.59.204.6] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.59.204.6/; sid:900612495; rev:1;) alert tcp $HOME_NET any -> [174.91.90.206] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.91.90.206/; sid:900612496; rev:1;) alert tcp $HOME_NET any -> [78.159.146.65] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.159.146.65/; sid:900612497; rev:1;) alert tcp $HOME_NET any -> [201.210.86.175] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.210.86.175/; sid:900612498; rev:1;) alert tcp $HOME_NET any -> [109.130.247.84] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.130.247.84/; sid:900612499; rev:1;) alert tcp $HOME_NET any -> [105.184.209.117] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.209.117/; sid:900612500; rev:1;) alert tcp $HOME_NET any -> [190.75.72.44] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.75.72.44/; sid:900612501; rev:1;) alert tcp $HOME_NET any -> [89.158.150.253] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.158.150.253/; sid:900612502; rev:1;) alert tcp $HOME_NET any -> [51.14.75.236] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.14.75.236/; sid:900612503; rev:1;) alert tcp $HOME_NET any -> [152.174.73.141] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.174.73.141/; sid:900612504; rev:1;) alert tcp $HOME_NET any -> [216.228.223.192] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.228.223.192/; sid:900612505; rev:1;) alert tcp $HOME_NET any -> [109.149.147.245] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.149.147.245/; sid:900612506; rev:1;) alert tcp $HOME_NET any -> [65.95.141.177] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.95.141.177/; sid:900612507; rev:1;) alert tcp $HOME_NET any -> [174.93.245.36] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.93.245.36/; sid:900612508; rev:1;) alert tcp $HOME_NET any -> [116.75.63.153] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.75.63.153/; sid:900612509; rev:1;) alert tcp $HOME_NET any -> [74.14.39.7] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.14.39.7/; sid:900612510; rev:1;) alert tcp $HOME_NET any -> [74.12.144.156] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.144.156/; sid:900612511; rev:1;) alert tcp $HOME_NET any -> [66.35.126.117] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.35.126.117/; sid:900612512; rev:1;) alert tcp $HOME_NET any -> [94.207.125.252] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.207.125.252/; sid:900612513; rev:1;) alert tcp $HOME_NET any -> [89.115.200.234] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.115.200.234/; sid:900612514; rev:1;) alert tcp $HOME_NET any -> [45.2.61.134] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.2.61.134/; sid:900612515; rev:1;) alert tcp $HOME_NET any -> [86.222.101.244] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.222.101.244/; sid:900612516; rev:1;) alert tcp $HOME_NET any -> [86.98.23.41] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.23.41/; sid:900612517; rev:1;) alert tcp $HOME_NET any -> [38.180.25.71] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.180.25.71/; sid:900612518; rev:1;) alert tcp $HOME_NET any -> [37.1.214.229] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.1.214.229/; sid:900612519; rev:1;) alert tcp $HOME_NET any -> [74.12.144.156] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.144.156/; sid:900612520; rev:1;) alert tcp $HOME_NET any -> [72.253.126.216] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.253.126.216/; sid:900612521; rev:1;) alert tcp $HOME_NET any -> [37.189.89.196] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.189.89.196/; sid:900612522; rev:1;) alert tcp $HOME_NET any -> [49.175.72.188] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.175.72.188/; sid:900612523; rev:1;) alert tcp $HOME_NET any -> [1.221.179.74] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.221.179.74/; sid:900612524; rev:1;) alert tcp $HOME_NET any -> [94.59.123.30] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.123.30/; sid:900612525; rev:1;) alert tcp $HOME_NET any -> [125.63.121.38] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.63.121.38/; sid:900612526; rev:1;) alert tcp $HOME_NET any -> [31.53.29.216] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.29.216/; sid:900612527; rev:1;) alert tcp $HOME_NET any -> [190.75.134.240] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.75.134.240/; sid:900612528; rev:1;) alert tcp $HOME_NET any -> [189.223.184.79] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.223.184.79/; sid:900612529; rev:1;) alert tcp $HOME_NET any -> [105.186.128.187] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.128.187/; sid:900612530; rev:1;) alert tcp $HOME_NET any -> [98.4.43.111] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.4.43.111/; sid:900612531; rev:1;) alert tcp $HOME_NET any -> [121.121.100.202] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.121.100.202/; sid:900612532; rev:1;) alert tcp $HOME_NET any -> [190.249.248.153] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.249.248.153/; sid:900612533; rev:1;) alert tcp $HOME_NET any -> [86.178.226.92] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.178.226.92/; sid:900612534; rev:1;) alert tcp $HOME_NET any -> [78.159.147.185] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.159.147.185/; sid:900612535; rev:1;) alert tcp $HOME_NET any -> [102.159.32.187] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.159.32.187/; sid:900612536; rev:1;) alert tcp $HOME_NET any -> [151.62.164.49] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.62.164.49/; sid:900612537; rev:1;) alert tcp $HOME_NET any -> [94.204.195.51] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.204.195.51/; sid:900612538; rev:1;) alert tcp $HOME_NET any -> [151.30.207.24] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.30.207.24/; sid:900612539; rev:1;) alert tcp $HOME_NET any -> [86.189.153.214] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.189.153.214/; sid:900612540; rev:1;) alert tcp $HOME_NET any -> [2.14.232.15] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.14.232.15/; sid:900612541; rev:1;) alert tcp $HOME_NET any -> [74.12.144.156] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.144.156/; sid:900612542; rev:1;) alert tcp $HOME_NET any -> [161.142.100.114] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.100.114/; sid:900612543; rev:1;) alert tcp $HOME_NET any -> [86.98.20.183] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.20.183/; sid:900612544; rev:1;) alert tcp $HOME_NET any -> [69.114.94.71] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.114.94.71/; sid:900612545; rev:1;) alert tcp $HOME_NET any -> [86.129.138.170] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.129.138.170/; sid:900612546; rev:1;) alert tcp $HOME_NET any -> [100.4.162.221] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.4.162.221/; sid:900612547; rev:1;) alert tcp $HOME_NET any -> [69.159.156.196] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.159.156.196/; sid:900612548; rev:1;) alert tcp $HOME_NET any -> [70.49.133.93] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.49.133.93/; sid:900612549; rev:1;) alert tcp $HOME_NET any -> [47.16.71.182] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.16.71.182/; sid:900612550; rev:1;) alert tcp $HOME_NET any -> [92.59.250.137] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.59.250.137/; sid:900612551; rev:1;) alert tcp $HOME_NET any -> [38.180.25.111] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.180.25.111/; sid:900612552; rev:1;) alert tcp $HOME_NET any -> [37.1.214.72] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.1.214.72/; sid:900612553; rev:1;) alert tcp $HOME_NET any -> [38.180.4.165] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.180.4.165/; sid:900612554; rev:1;) alert tcp $HOME_NET any -> [173.17.45.60] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.17.45.60/; sid:900612555; rev:1;) alert tcp $HOME_NET any -> [105.184.115.148] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.115.148/; sid:900612556; rev:1;) alert tcp $HOME_NET any -> [45.62.75.217] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.62.75.217/; sid:900612557; rev:1;) alert tcp $HOME_NET any -> [24.122.48.63] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.122.48.63/; sid:900612558; rev:1;) alert tcp $HOME_NET any -> [70.51.132.7] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.132.7/; sid:900612559; rev:1;) alert tcp $HOME_NET any -> [151.213.180.115] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.213.180.115/; sid:900612560; rev:1;) alert tcp $HOME_NET any -> [31.111.81.188] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.111.81.188/; sid:900612561; rev:1;) alert tcp $HOME_NET any -> [78.159.147.83] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.159.147.83/; sid:900612562; rev:1;) alert tcp $HOME_NET any -> [197.87.143.88] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.87.143.88/; sid:900612563; rev:1;) alert tcp $HOME_NET any -> [99.199.102.29] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.199.102.29/; sid:900612564; rev:1;) alert tcp $HOME_NET any -> [174.89.121.82] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.89.121.82/; sid:900612565; rev:1;) alert tcp $HOME_NET any -> [75.90.41.83] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.90.41.83/; sid:900612566; rev:1;) alert tcp $HOME_NET any -> [65.95.141.20] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.95.141.20/; sid:900612567; rev:1;) alert tcp $HOME_NET any -> [102.158.231.164] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.158.231.164/; sid:900612568; rev:1;) alert tcp $HOME_NET any -> [74.12.147.121] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.147.121/; sid:900612569; rev:1;) alert tcp $HOME_NET any -> [105.184.115.128] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.115.128/; sid:900612570; rev:1;) alert tcp $HOME_NET any -> [74.12.147.121] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.147.121/; sid:900612571; rev:1;) alert tcp $HOME_NET any -> [189.241.128.154] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.241.128.154/; sid:900612572; rev:1;) alert tcp $HOME_NET any -> [86.97.96.62] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.96.62/; sid:900612573; rev:1;) alert tcp $HOME_NET any -> [151.62.204.147] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.62.204.147/; sid:900612574; rev:1;) alert tcp $HOME_NET any -> [70.52.230.19] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.52.230.19/; sid:900612575; rev:1;) alert tcp $HOME_NET any -> [190.199.147.209] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.199.147.209/; sid:900612576; rev:1;) alert tcp $HOME_NET any -> [90.26.152.228] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.26.152.228/; sid:900612577; rev:1;) alert tcp $HOME_NET any -> [73.245.168.200] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.245.168.200/; sid:900612578; rev:1;) alert tcp $HOME_NET any -> [223.17.33.110] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/223.17.33.110/; sid:900612579; rev:1;) alert tcp $HOME_NET any -> [74.12.146.45] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.45/; sid:900612580; rev:1;) alert tcp $HOME_NET any -> [71.29.69.95] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.29.69.95/; sid:900612581; rev:1;) alert tcp $HOME_NET any -> [116.75.63.181] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.75.63.181/; sid:900612582; rev:1;) alert tcp $HOME_NET any -> [105.184.83.141] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.83.141/; sid:900612583; rev:1;) alert tcp $HOME_NET any -> [89.181.227.42] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.181.227.42/; sid:900612584; rev:1;) alert tcp $HOME_NET any -> [86.98.222.20] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.222.20/; sid:900612585; rev:1;) alert tcp $HOME_NET any -> [102.156.161.41] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.161.41/; sid:900612586; rev:1;) alert tcp $HOME_NET any -> [187.199.244.117] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.199.244.117/; sid:900612587; rev:1;) alert tcp $HOME_NET any -> [165.120.244.223] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.120.244.223/; sid:900612588; rev:1;) alert tcp $HOME_NET any -> [67.87.119.216] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.87.119.216/; sid:900612589; rev:1;) alert tcp $HOME_NET any -> [74.12.146.45] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.45/; sid:900612590; rev:1;) alert tcp $HOME_NET any -> [197.83.246.199] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.83.246.199/; sid:900612591; rev:1;) alert tcp $HOME_NET any -> [103.123.223.153] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.123.223.153/; sid:900612592; rev:1;) alert tcp $HOME_NET any -> [41.129.38.191] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.129.38.191/; sid:900612593; rev:1;) alert tcp $HOME_NET any -> [201.137.236.27] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.236.27/; sid:900612594; rev:1;) alert tcp $HOME_NET any -> [197.26.182.159] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.26.182.159/; sid:900612595; rev:1;) alert tcp $HOME_NET any -> [142.119.34.18] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.119.34.18/; sid:900612596; rev:1;) alert tcp $HOME_NET any -> [76.68.170.65] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.68.170.65/; sid:900612597; rev:1;) alert tcp $HOME_NET any -> [41.227.83.112] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.227.83.112/; sid:900612598; rev:1;) alert tcp $HOME_NET any -> [65.94.87.33] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.94.87.33/; sid:900612599; rev:1;) alert tcp $HOME_NET any -> [86.176.83.13] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.176.83.13/; sid:900612600; rev:1;) alert tcp $HOME_NET any -> [73.229.74.150] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.229.74.150/; sid:900612601; rev:1;) alert tcp $HOME_NET any -> [197.204.11.218] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.204.11.218/; sid:900612602; rev:1;) alert tcp $HOME_NET any -> [151.62.174.154] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.62.174.154/; sid:900612603; rev:1;) alert tcp $HOME_NET any -> [67.87.119.216] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.87.119.216/; sid:900612604; rev:1;) alert tcp $HOME_NET any -> [67.71.9.30] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.71.9.30/; sid:900612605; rev:1;) alert tcp $HOME_NET any -> [130.43.110.181] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.43.110.181/; sid:900612606; rev:1;) alert tcp $HOME_NET any -> [200.93.25.6] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.93.25.6/; sid:900612607; rev:1;) alert tcp $HOME_NET any -> [142.188.88.42] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.188.88.42/; sid:900612608; rev:1;) alert tcp $HOME_NET any -> [184.20.136.30] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.20.136.30/; sid:900612609; rev:1;) alert tcp $HOME_NET any -> [86.182.82.61] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.182.82.61/; sid:900612610; rev:1;) alert tcp $HOME_NET any -> [203.219.204.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.219.204.180/; sid:900612611; rev:1;) alert tcp $HOME_NET any -> [49.175.72.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.175.72.81/; sid:900612612; rev:1;) alert tcp $HOME_NET any -> [114.143.176.237] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.143.176.237/; sid:900612613; rev:1;) alert tcp $HOME_NET any -> [84.213.236.225] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.213.236.225/; sid:900612614; rev:1;) alert tcp $HOME_NET any -> [2.50.166.115] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.166.115/; sid:900612615; rev:1;) alert tcp $HOME_NET any -> [71.31.9.49] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.31.9.49/; sid:900612616; rev:1;) alert tcp $HOME_NET any -> [37.186.55.8] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.186.55.8/; sid:900612617; rev:1;) alert tcp $HOME_NET any -> [116.75.63.143] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.75.63.143/; sid:900612618; rev:1;) alert tcp $HOME_NET any -> [181.165.19.254] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.165.19.254/; sid:900612619; rev:1;) alert tcp $HOME_NET any -> [78.159.145.7] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.159.145.7/; sid:900612620; rev:1;) alert tcp $HOME_NET any -> [31.190.240.11] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.190.240.11/; sid:900612621; rev:1;) alert tcp $HOME_NET any -> [31.53.29.210] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.29.210/; sid:900612622; rev:1;) alert tcp $HOME_NET any -> [8.20.255.249] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.20.255.249/; sid:900612623; rev:1;) alert tcp $HOME_NET any -> [86.128.15.251] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.128.15.251/; sid:900612624; rev:1;) alert tcp $HOME_NET any -> [41.228.224.205] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.228.224.205/; sid:900612625; rev:1;) alert tcp $HOME_NET any -> [31.190.82.222] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.190.82.222/; sid:900612626; rev:1;) alert tcp $HOME_NET any -> [197.0.146.211] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.0.146.211/; sid:900612627; rev:1;) alert tcp $HOME_NET any -> [31.111.81.139] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.111.81.139/; sid:900612628; rev:1;) alert tcp $HOME_NET any -> [103.144.201.63] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.201.63/; sid:900612629; rev:1;) alert tcp $HOME_NET any -> [180.151.13.23] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.151.13.23/; sid:900612630; rev:1;) alert tcp $HOME_NET any -> [109.149.147.195] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.149.147.195/; sid:900612631; rev:1;) alert tcp $HOME_NET any -> [86.160.253.50] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.160.253.50/; sid:900612632; rev:1;) alert tcp $HOME_NET any -> [86.164.33.69] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.164.33.69/; sid:900612633; rev:1;) alert tcp $HOME_NET any -> [74.12.147.242] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.147.242/; sid:900612634; rev:1;) alert tcp $HOME_NET any -> [37.186.59.83] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.186.59.83/; sid:900612635; rev:1;) alert tcp $HOME_NET any -> [116.75.58.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.75.58.53/; sid:900612636; rev:1;) alert tcp $HOME_NET any -> [74.12.147.242] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.147.242/; sid:900612637; rev:1;) alert tcp $HOME_NET any -> [110.159.115.244] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.159.115.244/; sid:900612638; rev:1;) alert tcp $HOME_NET any -> [23.234.237.3] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.234.237.3/; sid:900612639; rev:1;) alert tcp $HOME_NET any -> [197.204.215.75] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.204.215.75/; sid:900612640; rev:1;) alert tcp $HOME_NET any -> [135.19.158.248] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/135.19.158.248/; sid:900612641; rev:1;) alert tcp $HOME_NET any -> [142.154.32.124] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.154.32.124/; sid:900612642; rev:1;) alert tcp $HOME_NET any -> [39.40.59.71] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.40.59.71/; sid:900612643; rev:1;) alert tcp $HOME_NET any -> [100.4.182.142] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.4.182.142/; sid:900612644; rev:1;) alert tcp $HOME_NET any -> [217.165.255.105] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.255.105/; sid:900612645; rev:1;) alert tcp $HOME_NET any -> [94.204.247.243] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.204.247.243/; sid:900612646; rev:1;) alert tcp $HOME_NET any -> [181.230.169.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.230.169.180/; sid:900612647; rev:1;) alert tcp $HOME_NET any -> [200.112.67.75] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.112.67.75/; sid:900612648; rev:1;) alert tcp $HOME_NET any -> [223.122.118.123] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/223.122.118.123/; sid:900612649; rev:1;) alert tcp $HOME_NET any -> [152.254.162.118] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.254.162.118/; sid:900612650; rev:1;) alert tcp $HOME_NET any -> [184.82.238.145] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.82.238.145/; sid:900612651; rev:1;) alert tcp $HOME_NET any -> [200.165.61.119] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.165.61.119/; sid:900612652; rev:1;) alert tcp $HOME_NET any -> [70.29.122.190] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.29.122.190/; sid:900612653; rev:1;) alert tcp $HOME_NET any -> [78.87.249.106] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.87.249.106/; sid:900612654; rev:1;) alert tcp $HOME_NET any -> [189.223.76.48] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.223.76.48/; sid:900612655; rev:1;) alert tcp $HOME_NET any -> [23.91.184.29] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.91.184.29/; sid:900612656; rev:1;) alert tcp $HOME_NET any -> [23.91.184.29] 8080 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.91.184.29/; sid:900612657; rev:1;) alert tcp $HOME_NET any -> [60.189.156.185] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.189.156.185/; sid:900612658; rev:1;) alert tcp $HOME_NET any -> [86.176.144.175] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.176.144.175/; sid:900612659; rev:1;) alert tcp $HOME_NET any -> [51.37.181.9] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.37.181.9/; sid:900612660; rev:1;) alert tcp $HOME_NET any -> [217.129.220.205] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.129.220.205/; sid:900612661; rev:1;) alert tcp $HOME_NET any -> [45.201.208.87] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.201.208.87/; sid:900612662; rev:1;) alert tcp $HOME_NET any -> [220.79.238.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.79.238.82/; sid:900612663; rev:1;) alert tcp $HOME_NET any -> [103.141.50.45] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.141.50.45/; sid:900612664; rev:1;) alert tcp $HOME_NET any -> [41.97.30.206] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.97.30.206/; sid:900612665; rev:1;) alert tcp $HOME_NET any -> [92.97.227.66] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.97.227.66/; sid:900612666; rev:1;) alert tcp $HOME_NET any -> [136.232.179.26] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.232.179.26/; sid:900612667; rev:1;) alert tcp $HOME_NET any -> [103.176.239.98] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.176.239.98/; sid:900612668; rev:1;) alert tcp $HOME_NET any -> [116.74.163.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.74.163.180/; sid:900612669; rev:1;) alert tcp $HOME_NET any -> [72.4.96.62] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.4.96.62/; sid:900612670; rev:1;) alert tcp $HOME_NET any -> [71.30.208.132] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.30.208.132/; sid:900612671; rev:1;) alert tcp $HOME_NET any -> [116.88.76.28] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.88.76.28/; sid:900612672; rev:1;) alert tcp $HOME_NET any -> [41.129.104.142] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.129.104.142/; sid:900612673; rev:1;) alert tcp $HOME_NET any -> [87.149.116.32] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.149.116.32/; sid:900612674; rev:1;) alert tcp $HOME_NET any -> [105.186.242.215] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.242.215/; sid:900612675; rev:1;) alert tcp $HOME_NET any -> [89.32.156.4] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.156.4/; sid:900612676; rev:1;) alert tcp $HOME_NET any -> [197.204.28.90] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.204.28.90/; sid:900612677; rev:1;) alert tcp $HOME_NET any -> [197.26.147.241] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.26.147.241/; sid:900612678; rev:1;) alert tcp $HOME_NET any -> [64.229.199.241] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.229.199.241/; sid:900612679; rev:1;) alert tcp $HOME_NET any -> [201.124.30.73] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.124.30.73/; sid:900612680; rev:1;) alert tcp $HOME_NET any -> [177.170.92.205] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.170.92.205/; sid:900612681; rev:1;) alert tcp $HOME_NET any -> [190.203.46.164] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.203.46.164/; sid:900612682; rev:1;) alert tcp $HOME_NET any -> [69.119.123.186] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.119.123.186/; sid:900612683; rev:1;) alert tcp $HOME_NET any -> [37.6.248.2] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.6.248.2/; sid:900612684; rev:1;) alert tcp $HOME_NET any -> [150.195.117.207] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.195.117.207/; sid:900612685; rev:1;) alert tcp $HOME_NET any -> [81.150.169.174] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.150.169.174/; sid:900612686; rev:1;) alert tcp $HOME_NET any -> [68.186.65.132] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.186.65.132/; sid:900612687; rev:1;) alert tcp $HOME_NET any -> [45.65.50.50] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.65.50.50/; sid:900612688; rev:1;) alert tcp $HOME_NET any -> [74.12.147.74] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.147.74/; sid:900612689; rev:1;) alert tcp $HOME_NET any -> [24.234.80.122] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.234.80.122/; sid:900612690; rev:1;) alert tcp $HOME_NET any -> [91.254.145.252] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.254.145.252/; sid:900612691; rev:1;) alert tcp $HOME_NET any -> [197.90.177.242] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.90.177.242/; sid:900612692; rev:1;) alert tcp $HOME_NET any -> [176.111.174.67] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.111.174.67/; sid:900612693; rev:1;) alert tcp $HOME_NET any -> [81.150.169.174] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.150.169.174/; sid:900612694; rev:1;) alert tcp $HOME_NET any -> [82.155.197.166] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.155.197.166/; sid:900612695; rev:1;) alert tcp $HOME_NET any -> [124.149.132.112] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.149.132.112/; sid:900612696; rev:1;) alert tcp $HOME_NET any -> [142.112.133.14] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.112.133.14/; sid:900612697; rev:1;) alert tcp $HOME_NET any -> [88.122.221.227] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.122.221.227/; sid:900612698; rev:1;) alert tcp $HOME_NET any -> [96.236.200.236] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.236.200.236/; sid:900612699; rev:1;) alert tcp $HOME_NET any -> [176.44.123.169] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.44.123.169/; sid:900612700; rev:1;) alert tcp $HOME_NET any -> [86.170.169.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.170.169.53/; sid:900612701; rev:1;) alert tcp $HOME_NET any -> [102.130.200.134] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.130.200.134/; sid:900612702; rev:1;) alert tcp $HOME_NET any -> [105.186.138.229] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.138.229/; sid:900612703; rev:1;) alert tcp $HOME_NET any -> [90.28.169.79] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.28.169.79/; sid:900612704; rev:1;) alert tcp $HOME_NET any -> [176.111.174.70] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.111.174.70/; sid:900612705; rev:1;) alert tcp $HOME_NET any -> [176.111.174.65] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.111.174.65/; sid:900612706; rev:1;) alert tcp $HOME_NET any -> [176.111.174.66] 443 (msg:"Feodo Tracker: potential BumbleBee CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.111.174.66/; sid:900612707; rev:1;) alert tcp $HOME_NET any -> [81.150.169.174] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.150.169.174/; sid:900612708; rev:1;) alert tcp $HOME_NET any -> [192.252.166.24] 8080 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.252.166.24/; sid:900612709; rev:1;) alert tcp $HOME_NET any -> [192.252.166.24] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.252.166.24/; sid:900612710; rev:1;) alert tcp $HOME_NET any -> [47.16.77.99] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.16.77.99/; sid:900612711; rev:1;) alert tcp $HOME_NET any -> [102.182.81.253] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.182.81.253/; sid:900612712; rev:1;) alert tcp $HOME_NET any -> [103.144.201.52] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.201.52/; sid:900612713; rev:1;) alert tcp $HOME_NET any -> [109.105.29.93] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.105.29.93/; sid:900612714; rev:1;) alert tcp $HOME_NET any -> [151.3.191.5] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.3.191.5/; sid:900612715; rev:1;) alert tcp $HOME_NET any -> [103.123.223.131] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.123.223.131/; sid:900612716; rev:1;) alert tcp $HOME_NET any -> [201.171.159.196] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.171.159.196/; sid:900612717; rev:1;) alert tcp $HOME_NET any -> [74.12.147.68] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.147.68/; sid:900612718; rev:1;) alert tcp $HOME_NET any -> [94.204.121.72] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.204.121.72/; sid:900612719; rev:1;) alert tcp $HOME_NET any -> [64.229.117.208] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.229.117.208/; sid:900612720; rev:1;) alert tcp $HOME_NET any -> [87.252.106.235] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.252.106.235/; sid:900612721; rev:1;) alert tcp $HOME_NET any -> [197.3.227.63] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.3.227.63/; sid:900612722; rev:1;) alert tcp $HOME_NET any -> [103.141.50.46] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.141.50.46/; sid:900612723; rev:1;) alert tcp $HOME_NET any -> [124.122.47.219] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.122.47.219/; sid:900612724; rev:1;) alert tcp $HOME_NET any -> [201.227.113.134] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.227.113.134/; sid:900612725; rev:1;) alert tcp $HOME_NET any -> [168.149.47.12] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.149.47.12/; sid:900612726; rev:1;) alert tcp $HOME_NET any -> [71.31.9.226] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.31.9.226/; sid:900612727; rev:1;) alert tcp $HOME_NET any -> [103.139.243.205] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.139.243.205/; sid:900612728; rev:1;) alert tcp $HOME_NET any -> [103.134.117.111] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.134.117.111/; sid:900612729; rev:1;) alert tcp $HOME_NET any -> [119.82.71.94] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.82.71.94/; sid:900612730; rev:1;) alert tcp $HOME_NET any -> [24.138.87.122] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.138.87.122/; sid:900612731; rev:1;) alert tcp $HOME_NET any -> [125.99.69.177] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.99.69.177/; sid:900612732; rev:1;) alert tcp $HOME_NET any -> [80.5.111.67] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.5.111.67/; sid:900612733; rev:1;) alert tcp $HOME_NET any -> [39.110.150.81] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.110.150.81/; sid:900612734; rev:1;) alert tcp $HOME_NET any -> [78.87.242.218] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.87.242.218/; sid:900612735; rev:1;) alert tcp $HOME_NET any -> [201.188.34.42] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.188.34.42/; sid:900612736; rev:1;) alert tcp $HOME_NET any -> [95.230.110.222] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.230.110.222/; sid:900612737; rev:1;) alert tcp $HOME_NET any -> [103.153.180.59] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.153.180.59/; sid:900612738; rev:1;) alert tcp $HOME_NET any -> [81.157.120.247] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.157.120.247/; sid:900612739; rev:1;) alert tcp $HOME_NET any -> [60.189.130.84] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.189.130.84/; sid:900612740; rev:1;) alert tcp $HOME_NET any -> [151.62.196.183] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.62.196.183/; sid:900612741; rev:1;) alert tcp $HOME_NET any -> [151.69.32.238] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.69.32.238/; sid:900612742; rev:1;) alert tcp $HOME_NET any -> [87.149.121.9] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.149.121.9/; sid:900612743; rev:1;) alert tcp $HOME_NET any -> [41.228.207.158] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.228.207.158/; sid:900612744; rev:1;) alert tcp $HOME_NET any -> [70.51.247.250] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.247.250/; sid:900612745; rev:1;) alert tcp $HOME_NET any -> [70.49.205.191] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.49.205.191/; sid:900612746; rev:1;) alert tcp $HOME_NET any -> [102.158.46.89] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.158.46.89/; sid:900612747; rev:1;) alert tcp $HOME_NET any -> [70.54.111.35] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.54.111.35/; sid:900612748; rev:1;) alert tcp $HOME_NET any -> [86.178.33.59] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.178.33.59/; sid:900612749; rev:1;) alert tcp $HOME_NET any -> [103.153.180.60] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.153.180.60/; sid:900612750; rev:1;) alert tcp $HOME_NET any -> [31.53.29.188] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.29.188/; sid:900612751; rev:1;) alert tcp $HOME_NET any -> [119.82.95.142] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.82.95.142/; sid:900612752; rev:1;) alert tcp $HOME_NET any -> [105.184.8.190] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.8.190/; sid:900612753; rev:1;) alert tcp $HOME_NET any -> [201.225.216.60] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.225.216.60/; sid:900612754; rev:1;) alert tcp $HOME_NET any -> [89.152.20.11] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.152.20.11/; sid:900612755; rev:1;) alert tcp $HOME_NET any -> [198.255.148.59] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.255.148.59/; sid:900612756; rev:1;) alert tcp $HOME_NET any -> [116.75.63.162] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.75.63.162/; sid:900612757; rev:1;) alert tcp $HOME_NET any -> [197.83.246.187] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.83.246.187/; sid:900612758; rev:1;) alert tcp $HOME_NET any -> [2.49.63.237] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.49.63.237/; sid:900612759; rev:1;) alert tcp $HOME_NET any -> [201.208.135.13] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.208.135.13/; sid:900612760; rev:1;) alert tcp $HOME_NET any -> [91.182.163.36] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.182.163.36/; sid:900612761; rev:1;) alert tcp $HOME_NET any -> [187.199.128.160] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.199.128.160/; sid:900612762; rev:1;) alert tcp $HOME_NET any -> [82.28.123.50] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.28.123.50/; sid:900612763; rev:1;) alert tcp $HOME_NET any -> [197.0.40.156] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.0.40.156/; sid:900612764; rev:1;) alert tcp $HOME_NET any -> [86.178.238.140] 50000 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.178.238.140/; sid:900612765; rev:1;) alert tcp $HOME_NET any -> [70.27.163.191] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.27.163.191/; sid:900612766; rev:1;) alert tcp $HOME_NET any -> [109.220.83.213] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.220.83.213/; sid:900612767; rev:1;) alert tcp $HOME_NET any -> [142.127.25.253] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.127.25.253/; sid:900612768; rev:1;) alert tcp $HOME_NET any -> [213.120.82.194] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.120.82.194/; sid:900612769; rev:1;) alert tcp $HOME_NET any -> [184.82.237.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.82.237.226/; sid:900612770; rev:1;) alert tcp $HOME_NET any -> [191.191.1.254] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.191.1.254/; sid:900612771; rev:1;) alert tcp $HOME_NET any -> [190.249.245.224] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.249.245.224/; sid:900612772; rev:1;) alert tcp $HOME_NET any -> [87.220.204.58] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.220.204.58/; sid:900612773; rev:1;) alert tcp $HOME_NET any -> [69.159.156.197] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.159.156.197/; sid:900612774; rev:1;) alert tcp $HOME_NET any -> [65.95.192.151] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.95.192.151/; sid:900612775; rev:1;) alert tcp $HOME_NET any -> [142.154.58.207] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.154.58.207/; sid:900612776; rev:1;) alert tcp $HOME_NET any -> [67.71.53.228] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.71.53.228/; sid:900612777; rev:1;) alert tcp $HOME_NET any -> [93.163.74.91] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.163.74.91/; sid:900612778; rev:1;) alert tcp $HOME_NET any -> [86.222.103.217] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.222.103.217/; sid:900612779; rev:1;) alert tcp $HOME_NET any -> [102.157.134.72] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.157.134.72/; sid:900612780; rev:1;) alert tcp $HOME_NET any -> [105.184.115.220] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.115.220/; sid:900612781; rev:1;) alert tcp $HOME_NET any -> [45.62.67.129] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.62.67.129/; sid:900612782; rev:1;) alert tcp $HOME_NET any -> [181.99.46.218] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.99.46.218/; sid:900612783; rev:1;) alert tcp $HOME_NET any -> [192.252.161.27] 8080 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.252.161.27/; sid:900612784; rev:1;) alert tcp $HOME_NET any -> [192.252.161.27] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.252.161.27/; sid:900612785; rev:1;) alert tcp $HOME_NET any -> [187.170.150.63] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.170.150.63/; sid:900612786; rev:1;) alert tcp $HOME_NET any -> [200.100.33.31] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.100.33.31/; sid:900612787; rev:1;) alert tcp $HOME_NET any -> [103.153.180.55] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.153.180.55/; sid:900612788; rev:1;) alert tcp $HOME_NET any -> [171.96.205.23] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.96.205.23/; sid:900612789; rev:1;) alert tcp $HOME_NET any -> [119.82.91.203] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.82.91.203/; sid:900612790; rev:1;) alert tcp $HOME_NET any -> [151.62.193.97] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.62.193.97/; sid:900612791; rev:1;) alert tcp $HOME_NET any -> [90.63.198.45] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.63.198.45/; sid:900612792; rev:1;) alert tcp $HOME_NET any -> [197.86.195.118] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.86.195.118/; sid:900612793; rev:1;) alert tcp $HOME_NET any -> [181.171.231.230] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.171.231.230/; sid:900612794; rev:1;) alert tcp $HOME_NET any -> [176.151.50.50] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.151.50.50/; sid:900612795; rev:1;) alert tcp $HOME_NET any -> [47.18.213.41] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.18.213.41/; sid:900612796; rev:1;) alert tcp $HOME_NET any -> [66.35.127.23] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.35.127.23/; sid:900612797; rev:1;) alert tcp $HOME_NET any -> [64.237.92.116] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.237.92.116/; sid:900612798; rev:1;) alert tcp $HOME_NET any -> [190.141.190.139] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.141.190.139/; sid:900612799; rev:1;) alert tcp $HOME_NET any -> [201.188.33.148] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.188.33.148/; sid:900612800; rev:1;) alert tcp $HOME_NET any -> [74.12.146.54] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.54/; sid:900612801; rev:1;) alert tcp $HOME_NET any -> [105.186.242.78] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.242.78/; sid:900612802; rev:1;) alert tcp $HOME_NET any -> [206.47.216.169] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.47.216.169/; sid:900612803; rev:1;) alert tcp $HOME_NET any -> [200.44.216.29] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.44.216.29/; sid:900612804; rev:1;) alert tcp $HOME_NET any -> [92.17.119.217] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.17.119.217/; sid:900612805; rev:1;) alert tcp $HOME_NET any -> [70.53.31.201] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.53.31.201/; sid:900612806; rev:1;) alert tcp $HOME_NET any -> [39.40.65.152] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.40.65.152/; sid:900612807; rev:1;) alert tcp $HOME_NET any -> [168.149.10.216] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.149.10.216/; sid:900612808; rev:1;) alert tcp $HOME_NET any -> [37.152.205.85] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.152.205.85/; sid:900612809; rev:1;) alert tcp $HOME_NET any -> [173.94.139.80] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.94.139.80/; sid:900612810; rev:1;) alert tcp $HOME_NET any -> [105.186.138.88] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.138.88/; sid:900612811; rev:1;) alert tcp $HOME_NET any -> [47.181.12.202] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.181.12.202/; sid:900612812; rev:1;) alert tcp $HOME_NET any -> [201.188.44.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.188.44.168/; sid:900612813; rev:1;) alert tcp $HOME_NET any -> [183.214.198.69] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.214.198.69/; sid:900612814; rev:1;) alert tcp $HOME_NET any -> [197.92.136.237] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.92.136.237/; sid:900612815; rev:1;) alert tcp $HOME_NET any -> [102.156.211.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.211.81/; sid:900612816; rev:1;) alert tcp $HOME_NET any -> [110.159.115.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.159.115.53/; sid:900612817; rev:1;) alert tcp $HOME_NET any -> [103.59.196.146] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.59.196.146/; sid:900612818; rev:1;) alert tcp $HOME_NET any -> [184.82.239.56] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.82.239.56/; sid:900612819; rev:1;) alert tcp $HOME_NET any -> [142.119.122.66] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.119.122.66/; sid:900612820; rev:1;) alert tcp $HOME_NET any -> [151.62.186.146] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.62.186.146/; sid:900612821; rev:1;) alert tcp $HOME_NET any -> [190.249.196.144] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.249.196.144/; sid:900612822; rev:1;) alert tcp $HOME_NET any -> [83.110.73.124] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.73.124/; sid:900612823; rev:1;) alert tcp $HOME_NET any -> [85.95.113.17] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.95.113.17/; sid:900612824; rev:1;) alert tcp $HOME_NET any -> [98.19.227.246] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.19.227.246/; sid:900612825; rev:1;) alert tcp $HOME_NET any -> [151.64.193.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.64.193.70/; sid:900612826; rev:1;) alert tcp $HOME_NET any -> [49.175.72.181] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.175.72.181/; sid:900612827; rev:1;) alert tcp $HOME_NET any -> [89.32.158.24] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.158.24/; sid:900612828; rev:1;) alert tcp $HOME_NET any -> [74.12.147.149] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.147.149/; sid:900612829; rev:1;) alert tcp $HOME_NET any -> [70.52.230.210] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.52.230.210/; sid:900612830; rev:1;) alert tcp $HOME_NET any -> [109.153.10.81] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.153.10.81/; sid:900612831; rev:1;) alert tcp $HOME_NET any -> [81.103.94.60] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.103.94.60/; sid:900612832; rev:1;) alert tcp $HOME_NET any -> [86.160.222.62] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.160.222.62/; sid:900612833; rev:1;) alert tcp $HOME_NET any -> [71.29.114.93] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.29.114.93/; sid:900612834; rev:1;) alert tcp $HOME_NET any -> [95.239.206.5] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.239.206.5/; sid:900612835; rev:1;) alert tcp $HOME_NET any -> [179.104.37.97] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.104.37.97/; sid:900612836; rev:1;) alert tcp $HOME_NET any -> [216.215.94.46] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.215.94.46/; sid:900612837; rev:1;) alert tcp $HOME_NET any -> [197.89.10.173] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.10.173/; sid:900612838; rev:1;) alert tcp $HOME_NET any -> [105.184.103.218] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.103.218/; sid:900612839; rev:1;) alert tcp $HOME_NET any -> [192.252.164.186] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.252.164.186/; sid:900612840; rev:1;) alert tcp $HOME_NET any -> [142.154.15.141] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.154.15.141/; sid:900612841; rev:1;) alert tcp $HOME_NET any -> [5.54.79.204] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.54.79.204/; sid:900612842; rev:1;) alert tcp $HOME_NET any -> [171.96.205.187] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.96.205.187/; sid:900612843; rev:1;) alert tcp $HOME_NET any -> [151.62.58.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.62.58.53/; sid:900612844; rev:1;) alert tcp $HOME_NET any -> [202.88.154.146] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.88.154.146/; sid:900612845; rev:1;) alert tcp $HOME_NET any -> [65.94.85.237] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.94.85.237/; sid:900612846; rev:1;) alert tcp $HOME_NET any -> [87.221.196.10] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.221.196.10/; sid:900612847; rev:1;) alert tcp $HOME_NET any -> [102.159.183.231] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.159.183.231/; sid:900612848; rev:1;) alert tcp $HOME_NET any -> [74.12.147.214] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.147.214/; sid:900612849; rev:1;) alert tcp $HOME_NET any -> [161.142.102.116] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.102.116/; sid:900612850; rev:1;) alert tcp $HOME_NET any -> [184.82.228.178] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.82.228.178/; sid:900612851; rev:1;) alert tcp $HOME_NET any -> [67.87.119.216] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.87.119.216/; sid:900612852; rev:1;) alert tcp $HOME_NET any -> [92.98.108.85] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.98.108.85/; sid:900612853; rev:1;) alert tcp $HOME_NET any -> [74.12.147.111] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.147.111/; sid:900612854; rev:1;) alert tcp $HOME_NET any -> [45.62.67.213] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.62.67.213/; sid:900612855; rev:1;) alert tcp $HOME_NET any -> [190.75.128.156] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.75.128.156/; sid:900612856; rev:1;) alert tcp $HOME_NET any -> [187.170.150.119] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.170.150.119/; sid:900612857; rev:1;) alert tcp $HOME_NET any -> [130.43.54.94] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.43.54.94/; sid:900612858; rev:1;) alert tcp $HOME_NET any -> [151.213.67.195] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.213.67.195/; sid:900612859; rev:1;) alert tcp $HOME_NET any -> [102.157.55.91] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.157.55.91/; sid:900612860; rev:1;) alert tcp $HOME_NET any -> [142.188.91.223] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.188.91.223/; sid:900612861; rev:1;) alert tcp $HOME_NET any -> [197.0.88.92] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.0.88.92/; sid:900612862; rev:1;) alert tcp $HOME_NET any -> [31.190.253.36] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.190.253.36/; sid:900612863; rev:1;) alert tcp $HOME_NET any -> [181.99.53.124] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.99.53.124/; sid:900612864; rev:1;) alert tcp $HOME_NET any -> [201.171.21.205] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.171.21.205/; sid:900612865; rev:1;) alert tcp $HOME_NET any -> [125.22.128.74] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.22.128.74/; sid:900612866; rev:1;) alert tcp $HOME_NET any -> [125.22.128.75] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.22.128.75/; sid:900612867; rev:1;) alert tcp $HOME_NET any -> [87.221.197.81] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.221.197.81/; sid:900612868; rev:1;) alert tcp $HOME_NET any -> [167.56.202.246] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.56.202.246/; sid:900612869; rev:1;) alert tcp $HOME_NET any -> [217.165.14.150] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.14.150/; sid:900612870; rev:1;) alert tcp $HOME_NET any -> [115.186.158.144] 50001 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.186.158.144/; sid:900612871; rev:1;) alert tcp $HOME_NET any -> [142.117.240.85] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.117.240.85/; sid:900612872; rev:1;) alert tcp $HOME_NET any -> [95.16.149.148] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.16.149.148/; sid:900612873; rev:1;) alert tcp $HOME_NET any -> [197.87.63.16] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.87.63.16/; sid:900612874; rev:1;) alert tcp $HOME_NET any -> [181.110.97.52] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.110.97.52/; sid:900612875; rev:1;) alert tcp $HOME_NET any -> [31.50.144.213] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.50.144.213/; sid:900612876; rev:1;) alert tcp $HOME_NET any -> [109.150.93.177] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.150.93.177/; sid:900612877; rev:1;) alert tcp $HOME_NET any -> [66.180.234.4] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.180.234.4/; sid:900612878; rev:1;) alert tcp $HOME_NET any -> [125.22.128.76] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.22.128.76/; sid:900612879; rev:1;) alert tcp $HOME_NET any -> [41.62.115.174] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.62.115.174/; sid:900612880; rev:1;) alert tcp $HOME_NET any -> [189.223.91.36] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.223.91.36/; sid:900612881; rev:1;) alert tcp $HOME_NET any -> [212.69.141.228] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.69.141.228/; sid:900612882; rev:1;) alert tcp $HOME_NET any -> [59.28.84.35] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.28.84.35/; sid:900612883; rev:1;) alert tcp $HOME_NET any -> [72.207.255.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.207.255.226/; sid:900612884; rev:1;) alert tcp $HOME_NET any -> [86.130.9.181] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.181/; sid:900612885; rev:1;) alert tcp $HOME_NET any -> [171.97.85.92] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.97.85.92/; sid:900612886; rev:1;) alert tcp $HOME_NET any -> [105.184.115.175] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.115.175/; sid:900612887; rev:1;) alert tcp $HOME_NET any -> [175.110.182.2] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.110.182.2/; sid:900612888; rev:1;) alert tcp $HOME_NET any -> [74.12.147.112] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.147.112/; sid:900612889; rev:1;) alert tcp $HOME_NET any -> [76.68.170.182] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.68.170.182/; sid:900612890; rev:1;) alert tcp $HOME_NET any -> [70.51.132.145] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.132.145/; sid:900612891; rev:1;) alert tcp $HOME_NET any -> [45.243.227.108] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.243.227.108/; sid:900612892; rev:1;) alert tcp $HOME_NET any -> [184.82.232.124] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.82.232.124/; sid:900612893; rev:1;) alert tcp $HOME_NET any -> [2.51.46.59] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.51.46.59/; sid:900612894; rev:1;) alert tcp $HOME_NET any -> [74.12.147.112] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.147.112/; sid:900612895; rev:1;) alert tcp $HOME_NET any -> [103.211.63.108] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.211.63.108/; sid:900612896; rev:1;) alert tcp $HOME_NET any -> [105.184.83.161] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.83.161/; sid:900612897; rev:1;) alert tcp $HOME_NET any -> [187.211.118.225] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.211.118.225/; sid:900612898; rev:1;) alert tcp $HOME_NET any -> [89.36.206.3] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.36.206.3/; sid:900612899; rev:1;) alert tcp $HOME_NET any -> [74.12.147.211] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.147.211/; sid:900612900; rev:1;) alert tcp $HOME_NET any -> [197.204.60.154] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.204.60.154/; sid:900612901; rev:1;) alert tcp $HOME_NET any -> [39.40.228.232] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.40.228.232/; sid:900612902; rev:1;) alert tcp $HOME_NET any -> [74.12.147.211] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.147.211/; sid:900612903; rev:1;) alert tcp $HOME_NET any -> [70.177.91.236] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.177.91.236/; sid:900612904; rev:1;) alert tcp $HOME_NET any -> [161.142.96.70] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.96.70/; sid:900612905; rev:1;) alert tcp $HOME_NET any -> [79.51.61.87] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.51.61.87/; sid:900612906; rev:1;) alert tcp $HOME_NET any -> [125.22.128.77] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.22.128.77/; sid:900612907; rev:1;) alert tcp $HOME_NET any -> [59.88.166.218] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.88.166.218/; sid:900612908; rev:1;) alert tcp $HOME_NET any -> [75.90.40.229] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.90.40.229/; sid:900612909; rev:1;) alert tcp $HOME_NET any -> [86.165.225.165] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.165.225.165/; sid:900612910; rev:1;) alert tcp $HOME_NET any -> [90.90.21.132] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.90.21.132/; sid:900612911; rev:1;) alert tcp $HOME_NET any -> [197.204.164.221] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.204.164.221/; sid:900612912; rev:1;) alert tcp $HOME_NET any -> [5.80.85.133] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.80.85.133/; sid:900612913; rev:1;) alert tcp $HOME_NET any -> [177.118.188.209] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.118.188.209/; sid:900612914; rev:1;) alert tcp $HOME_NET any -> [125.22.128.78] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.22.128.78/; sid:900612915; rev:1;) alert tcp $HOME_NET any -> [201.130.167.212] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.130.167.212/; sid:900612916; rev:1;) alert tcp $HOME_NET any -> [86.99.79.190] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.99.79.190/; sid:900612917; rev:1;) alert tcp $HOME_NET any -> [68.6.237.243] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.6.237.243/; sid:900612918; rev:1;) alert tcp $HOME_NET any -> [74.12.147.211] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.147.211/; sid:900612919; rev:1;) alert tcp $HOME_NET any -> [109.221.161.67] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.221.161.67/; sid:900612920; rev:1;) alert tcp $HOME_NET any -> [86.130.9.166] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.166/; sid:900612921; rev:1;) alert tcp $HOME_NET any -> [73.32.187.91] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.32.187.91/; sid:900612922; rev:1;) alert tcp $HOME_NET any -> [70.53.193.161] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.53.193.161/; sid:900612923; rev:1;) alert tcp $HOME_NET any -> [173.206.20.235] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.206.20.235/; sid:900612924; rev:1;) alert tcp $HOME_NET any -> [142.118.107.222] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.118.107.222/; sid:900612925; rev:1;) alert tcp $HOME_NET any -> [41.230.206.109] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.230.206.109/; sid:900612926; rev:1;) alert tcp $HOME_NET any -> [187.188.153.47] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.188.153.47/; sid:900612927; rev:1;) alert tcp $HOME_NET any -> [121.122.99.12] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.122.99.12/; sid:900612928; rev:1;) alert tcp $HOME_NET any -> [46.198.231.254] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.198.231.254/; sid:900612929; rev:1;) alert tcp $HOME_NET any -> [220.79.238.87] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.79.238.87/; sid:900612930; rev:1;) alert tcp $HOME_NET any -> [74.12.147.102] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.147.102/; sid:900612931; rev:1;) alert tcp $HOME_NET any -> [142.115.116.184] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.115.116.184/; sid:900612932; rev:1;) alert tcp $HOME_NET any -> [85.247.67.210] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.247.67.210/; sid:900612933; rev:1;) alert tcp $HOME_NET any -> [70.174.62.162] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.174.62.162/; sid:900612934; rev:1;) alert tcp $HOME_NET any -> [74.12.147.102] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.147.102/; sid:900612935; rev:1;) alert tcp $HOME_NET any -> [74.12.147.102] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.147.102/; sid:900612936; rev:1;) alert tcp $HOME_NET any -> [197.204.42.193] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.204.42.193/; sid:900612937; rev:1;) alert tcp $HOME_NET any -> [105.184.209.110] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.209.110/; sid:900612938; rev:1;) alert tcp $HOME_NET any -> [81.150.169.174] 2087 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.150.169.174/; sid:900612939; rev:1;) alert tcp $HOME_NET any -> [181.99.55.94] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.99.55.94/; sid:900612940; rev:1;) alert tcp $HOME_NET any -> [86.98.182.182] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.182.182/; sid:900612941; rev:1;) alert tcp $HOME_NET any -> [105.184.108.40] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.108.40/; sid:900612942; rev:1;) alert tcp $HOME_NET any -> [212.70.107.194] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.70.107.194/; sid:900612943; rev:1;) alert tcp $HOME_NET any -> [103.144.200.89] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.200.89/; sid:900612944; rev:1;) alert tcp $HOME_NET any -> [184.82.237.136] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.82.237.136/; sid:900612945; rev:1;) alert tcp $HOME_NET any -> [87.252.107.125] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.252.107.125/; sid:900612946; rev:1;) alert tcp $HOME_NET any -> [70.51.111.182] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.111.182/; sid:900612947; rev:1;) alert tcp $HOME_NET any -> [81.20.248.72] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.20.248.72/; sid:900612948; rev:1;) alert tcp $HOME_NET any -> [74.12.146.45] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.45/; sid:900612949; rev:1;) alert tcp $HOME_NET any -> [94.200.183.65] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.200.183.65/; sid:900612950; rev:1;) alert tcp $HOME_NET any -> [201.225.164.181] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.225.164.181/; sid:900612951; rev:1;) alert tcp $HOME_NET any -> [173.61.52.245] 3389 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.61.52.245/; sid:900612952; rev:1;) alert tcp $HOME_NET any -> [66.35.125.69] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.35.125.69/; sid:900612953; rev:1;) alert tcp $HOME_NET any -> [202.187.234.139] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.187.234.139/; sid:900612954; rev:1;) alert tcp $HOME_NET any -> [173.33.15.171] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.33.15.171/; sid:900612955; rev:1;) alert tcp $HOME_NET any -> [74.12.146.96] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.96/; sid:900612956; rev:1;) alert tcp $HOME_NET any -> [92.97.115.233] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.97.115.233/; sid:900612957; rev:1;) alert tcp $HOME_NET any -> [59.88.31.188] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.88.31.188/; sid:900612958; rev:1;) alert tcp $HOME_NET any -> [67.70.21.11] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.70.21.11/; sid:900612959; rev:1;) alert tcp $HOME_NET any -> [69.159.157.2] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.159.157.2/; sid:900612960; rev:1;) alert tcp $HOME_NET any -> [70.53.71.151] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.53.71.151/; sid:900612961; rev:1;) alert tcp $HOME_NET any -> [77.124.94.250] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.124.94.250/; sid:900612962; rev:1;) alert tcp $HOME_NET any -> [80.5.130.98] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.5.130.98/; sid:900612963; rev:1;) alert tcp $HOME_NET any -> [2.50.137.167] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.137.167/; sid:900612964; rev:1;) alert tcp $HOME_NET any -> [103.59.196.147] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.59.196.147/; sid:900612965; rev:1;) alert tcp $HOME_NET any -> [74.12.146.210] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.210/; sid:900612966; rev:1;) alert tcp $HOME_NET any -> [61.1.37.136] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.1.37.136/; sid:900612967; rev:1;) alert tcp $HOME_NET any -> [100.4.182.170] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.4.182.170/; sid:900612968; rev:1;) alert tcp $HOME_NET any -> [74.12.146.210] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.210/; sid:900612969; rev:1;) alert tcp $HOME_NET any -> [74.12.146.210] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.210/; sid:900612970; rev:1;) alert tcp $HOME_NET any -> [165.120.174.99] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.120.174.99/; sid:900612971; rev:1;) alert tcp $HOME_NET any -> [47.199.246.137] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.199.246.137/; sid:900612972; rev:1;) alert tcp $HOME_NET any -> [72.39.194.88] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.39.194.88/; sid:900612973; rev:1;) alert tcp $HOME_NET any -> [47.149.158.26] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.149.158.26/; sid:900612974; rev:1;) alert tcp $HOME_NET any -> [49.245.1.181] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.245.1.181/; sid:900612975; rev:1;) alert tcp $HOME_NET any -> [37.186.55.145] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.186.55.145/; sid:900612976; rev:1;) alert tcp $HOME_NET any -> [60.189.190.127] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.189.190.127/; sid:900612977; rev:1;) alert tcp $HOME_NET any -> [2.50.137.55] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.137.55/; sid:900612978; rev:1;) alert tcp $HOME_NET any -> [2.50.28.157] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.28.157/; sid:900612979; rev:1;) alert tcp $HOME_NET any -> [86.130.9.211] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.211/; sid:900612980; rev:1;) alert tcp $HOME_NET any -> [31.185.54.51] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.185.54.51/; sid:900612981; rev:1;) alert tcp $HOME_NET any -> [70.49.106.9] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.49.106.9/; sid:900612982; rev:1;) alert tcp $HOME_NET any -> [201.208.49.187] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.208.49.187/; sid:900612983; rev:1;) alert tcp $HOME_NET any -> [74.12.146.30] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.30/; sid:900612984; rev:1;) alert tcp $HOME_NET any -> [105.184.99.120] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.99.120/; sid:900612985; rev:1;) alert tcp $HOME_NET any -> [190.205.241.186] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.205.241.186/; sid:900612986; rev:1;) alert tcp $HOME_NET any -> [167.56.192.210] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.56.192.210/; sid:900612987; rev:1;) alert tcp $HOME_NET any -> [74.12.146.30] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.30/; sid:900612988; rev:1;) alert tcp $HOME_NET any -> [70.50.83.132] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.50.83.132/; sid:900612989; rev:1;) alert tcp $HOME_NET any -> [201.170.106.69] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.170.106.69/; sid:900612990; rev:1;) alert tcp $HOME_NET any -> [189.223.93.188] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.223.93.188/; sid:900612991; rev:1;) alert tcp $HOME_NET any -> [124.149.130.151] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.149.130.151/; sid:900612992; rev:1;) alert tcp $HOME_NET any -> [182.75.189.41] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.75.189.41/; sid:900612993; rev:1;) alert tcp $HOME_NET any -> [92.99.0.152] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.99.0.152/; sid:900612994; rev:1;) alert tcp $HOME_NET any -> [187.233.47.221] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.233.47.221/; sid:900612995; rev:1;) alert tcp $HOME_NET any -> [41.227.173.59] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.227.173.59/; sid:900612996; rev:1;) alert tcp $HOME_NET any -> [181.171.231.33] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.171.231.33/; sid:900612997; rev:1;) alert tcp $HOME_NET any -> [37.186.55.16] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.186.55.16/; sid:900612998; rev:1;) alert tcp $HOME_NET any -> [78.147.206.40] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.147.206.40/; sid:900612999; rev:1;) alert tcp $HOME_NET any -> [64.229.252.101] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.229.252.101/; sid:900613000; rev:1;) alert tcp $HOME_NET any -> [45.246.224.116] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.246.224.116/; sid:900613001; rev:1;) alert tcp $HOME_NET any -> [181.99.52.215] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.99.52.215/; sid:900613002; rev:1;) alert tcp $HOME_NET any -> [188.220.225.20] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.220.225.20/; sid:900613003; rev:1;) alert tcp $HOME_NET any -> [73.228.157.253] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.228.157.253/; sid:900613004; rev:1;) alert tcp $HOME_NET any -> [197.86.195.132] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.86.195.132/; sid:900613005; rev:1;) alert tcp $HOME_NET any -> [66.35.122.221] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.35.122.221/; sid:900613006; rev:1;) alert tcp $HOME_NET any -> [151.21.143.20] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.21.143.20/; sid:900613007; rev:1;) alert tcp $HOME_NET any -> [37.210.195.51] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.195.51/; sid:900613008; rev:1;) alert tcp $HOME_NET any -> [67.71.9.29] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.71.9.29/; sid:900613009; rev:1;) alert tcp $HOME_NET any -> [176.183.15.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.183.15.149/; sid:900613010; rev:1;) alert tcp $HOME_NET any -> [45.65.50.49] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.65.50.49/; sid:900613011; rev:1;) alert tcp $HOME_NET any -> [37.186.55.125] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.186.55.125/; sid:900613012; rev:1;) alert tcp $HOME_NET any -> [64.229.117.102] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.229.117.102/; sid:900613013; rev:1;) alert tcp $HOME_NET any -> [87.252.107.29] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.252.107.29/; sid:900613014; rev:1;) alert tcp $HOME_NET any -> [64.229.198.170] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.229.198.170/; sid:900613015; rev:1;) alert tcp $HOME_NET any -> [79.46.55.195] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.46.55.195/; sid:900613016; rev:1;) alert tcp $HOME_NET any -> [124.122.56.151] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.122.56.151/; sid:900613017; rev:1;) alert tcp $HOME_NET any -> [92.97.115.206] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.97.115.206/; sid:900613018; rev:1;) alert tcp $HOME_NET any -> [5.54.78.224] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.54.78.224/; sid:900613019; rev:1;) alert tcp $HOME_NET any -> [70.55.15.96] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.55.15.96/; sid:900613020; rev:1;) alert tcp $HOME_NET any -> [45.62.82.18] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.62.82.18/; sid:900613021; rev:1;) alert tcp $HOME_NET any -> [116.74.164.66] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.74.164.66/; sid:900613022; rev:1;) alert tcp $HOME_NET any -> [151.62.21.231] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.62.21.231/; sid:900613023; rev:1;) alert tcp $HOME_NET any -> [109.50.154.9] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.50.154.9/; sid:900613024; rev:1;) alert tcp $HOME_NET any -> [86.183.251.160] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.183.251.160/; sid:900613025; rev:1;) alert tcp $HOME_NET any -> [103.12.133.135] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.12.133.135/; sid:900613026; rev:1;) alert tcp $HOME_NET any -> [189.253.226.195] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.226.195/; sid:900613027; rev:1;) alert tcp $HOME_NET any -> [86.131.4.163] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.131.4.163/; sid:900613028; rev:1;) alert tcp $HOME_NET any -> [197.94.68.12] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.94.68.12/; sid:900613029; rev:1;) alert tcp $HOME_NET any -> [210.187.148.12] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.187.148.12/; sid:900613030; rev:1;) alert tcp $HOME_NET any -> [201.143.66.16] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.143.66.16/; sid:900613031; rev:1;) alert tcp $HOME_NET any -> [105.184.8.199] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.8.199/; sid:900613032; rev:1;) alert tcp $HOME_NET any -> [86.130.9.233] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.233/; sid:900613033; rev:1;) alert tcp $HOME_NET any -> [59.88.31.209] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.88.31.209/; sid:900613034; rev:1;) alert tcp $HOME_NET any -> [101.184.136.45] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.184.136.45/; sid:900613035; rev:1;) alert tcp $HOME_NET any -> [70.51.132.153] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.132.153/; sid:900613036; rev:1;) alert tcp $HOME_NET any -> [103.107.36.56] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.107.36.56/; sid:900613037; rev:1;) alert tcp $HOME_NET any -> [66.128.172.43] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.128.172.43/; sid:900613038; rev:1;) alert tcp $HOME_NET any -> [70.55.15.42] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.55.15.42/; sid:900613039; rev:1;) alert tcp $HOME_NET any -> [5.80.86.185] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.80.86.185/; sid:900613040; rev:1;) alert tcp $HOME_NET any -> [74.12.187.217] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.187.217/; sid:900613041; rev:1;) alert tcp $HOME_NET any -> [190.133.132.0] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.133.132.0/; sid:900613042; rev:1;) alert tcp $HOME_NET any -> [105.186.128.89] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.128.89/; sid:900613043; rev:1;) alert tcp $HOME_NET any -> [80.76.163.93] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.76.163.93/; sid:900613044; rev:1;) alert tcp $HOME_NET any -> [86.130.9.178] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.178/; sid:900613045; rev:1;) alert tcp $HOME_NET any -> [190.199.177.241] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.199.177.241/; sid:900613046; rev:1;) alert tcp $HOME_NET any -> [71.70.231.28] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.70.231.28/; sid:900613047; rev:1;) alert tcp $HOME_NET any -> [87.223.93.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.223.93.31/; sid:900613048; rev:1;) alert tcp $HOME_NET any -> [173.182.152.69] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.182.152.69/; sid:900613049; rev:1;) alert tcp $HOME_NET any -> [181.99.53.66] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.99.53.66/; sid:900613050; rev:1;) alert tcp $HOME_NET any -> [70.29.122.227] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.29.122.227/; sid:900613051; rev:1;) alert tcp $HOME_NET any -> [102.156.20.197] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.20.197/; sid:900613052; rev:1;) alert tcp $HOME_NET any -> [60.189.157.90] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.189.157.90/; sid:900613053; rev:1;) alert tcp $HOME_NET any -> [124.122.56.89] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.122.56.89/; sid:900613054; rev:1;) alert tcp $HOME_NET any -> [87.223.92.52] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.223.92.52/; sid:900613055; rev:1;) alert tcp $HOME_NET any -> [39.49.112.28] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.112.28/; sid:900613056; rev:1;) alert tcp $HOME_NET any -> [31.53.29.153] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.29.153/; sid:900613057; rev:1;) alert tcp $HOME_NET any -> [76.71.119.9] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.71.119.9/; sid:900613058; rev:1;) alert tcp $HOME_NET any -> [212.70.98.86] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.70.98.86/; sid:900613059; rev:1;) alert tcp $HOME_NET any -> [151.62.77.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.62.77.168/; sid:900613060; rev:1;) alert tcp $HOME_NET any -> [74.14.69.21] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.14.69.21/; sid:900613061; rev:1;) alert tcp $HOME_NET any -> [74.12.147.43] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.147.43/; sid:900613062; rev:1;) alert tcp $HOME_NET any -> [105.184.83.146] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.83.146/; sid:900613063; rev:1;) alert tcp $HOME_NET any -> [77.101.173.162] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.101.173.162/; sid:900613064; rev:1;) alert tcp $HOME_NET any -> [80.76.163.238] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.76.163.238/; sid:900613065; rev:1;) alert tcp $HOME_NET any -> [95.250.204.253] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.250.204.253/; sid:900613066; rev:1;) alert tcp $HOME_NET any -> [41.97.141.225] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.97.141.225/; sid:900613067; rev:1;) alert tcp $HOME_NET any -> [154.247.42.195] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.247.42.195/; sid:900613068; rev:1;) alert tcp $HOME_NET any -> [81.20.248.102] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.20.248.102/; sid:900613069; rev:1;) alert tcp $HOME_NET any -> [201.130.144.28] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.130.144.28/; sid:900613070; rev:1;) alert tcp $HOME_NET any -> [222.97.236.17] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.97.236.17/; sid:900613071; rev:1;) alert tcp $HOME_NET any -> [95.94.44.23] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.94.44.23/; sid:900613072; rev:1;) alert tcp $HOME_NET any -> [72.252.153.64] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.153.64/; sid:900613073; rev:1;) alert tcp $HOME_NET any -> [117.215.26.54] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.215.26.54/; sid:900613074; rev:1;) alert tcp $HOME_NET any -> [75.89.130.235] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.89.130.235/; sid:900613075; rev:1;) alert tcp $HOME_NET any -> [197.87.143.84] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.87.143.84/; sid:900613076; rev:1;) alert tcp $HOME_NET any -> [78.159.145.186] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.159.145.186/; sid:900613077; rev:1;) alert tcp $HOME_NET any -> [41.96.115.130] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.96.115.130/; sid:900613078; rev:1;) alert tcp $HOME_NET any -> [212.70.107.36] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.70.107.36/; sid:900613079; rev:1;) alert tcp $HOME_NET any -> [45.62.68.184] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.62.68.184/; sid:900613080; rev:1;) alert tcp $HOME_NET any -> [189.253.249.141] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.249.141/; sid:900613081; rev:1;) alert tcp $HOME_NET any -> [65.92.221.162] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.92.221.162/; sid:900613082; rev:1;) alert tcp $HOME_NET any -> [197.0.141.119] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.0.141.119/; sid:900613083; rev:1;) alert tcp $HOME_NET any -> [187.250.166.152] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.250.166.152/; sid:900613084; rev:1;) alert tcp $HOME_NET any -> [74.12.147.178] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.147.178/; sid:900613085; rev:1;) alert tcp $HOME_NET any -> [197.87.143.36] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.87.143.36/; sid:900613086; rev:1;) alert tcp $HOME_NET any -> [103.59.196.149] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.59.196.149/; sid:900613087; rev:1;) alert tcp $HOME_NET any -> [201.226.240.51] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.226.240.51/; sid:900613088; rev:1;) alert tcp $HOME_NET any -> [31.53.29.140] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.29.140/; sid:900613089; rev:1;) alert tcp $HOME_NET any -> [80.76.163.38] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.76.163.38/; sid:900613090; rev:1;) alert tcp $HOME_NET any -> [105.184.8.17] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.8.17/; sid:900613091; rev:1;) alert tcp $HOME_NET any -> [65.93.35.185] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.93.35.185/; sid:900613092; rev:1;) alert tcp $HOME_NET any -> [103.219.61.161] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.219.61.161/; sid:900613093; rev:1;) alert tcp $HOME_NET any -> [74.14.68.187] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.14.68.187/; sid:900613094; rev:1;) alert tcp $HOME_NET any -> [41.97.54.123] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.97.54.123/; sid:900613095; rev:1;) alert tcp $HOME_NET any -> [151.48.137.216] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.48.137.216/; sid:900613096; rev:1;) alert tcp $HOME_NET any -> [46.246.152.214] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.246.152.214/; sid:900613097; rev:1;) alert tcp $HOME_NET any -> [74.12.146.96] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.96/; sid:900613098; rev:1;) alert tcp $HOME_NET any -> [86.98.110.234] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.110.234/; sid:900613099; rev:1;) alert tcp $HOME_NET any -> [87.223.91.165] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.223.91.165/; sid:900613100; rev:1;) alert tcp $HOME_NET any -> [151.62.27.32] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.62.27.32/; sid:900613101; rev:1;) alert tcp $HOME_NET any -> [160.223.223.110] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.223.223.110/; sid:900613102; rev:1;) alert tcp $HOME_NET any -> [81.254.198.114] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.254.198.114/; sid:900613103; rev:1;) alert tcp $HOME_NET any -> [141.237.72.145] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.237.72.145/; sid:900613104; rev:1;) alert tcp $HOME_NET any -> [45.62.78.225] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.62.78.225/; sid:900613105; rev:1;) alert tcp $HOME_NET any -> [80.201.208.115] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.201.208.115/; sid:900613106; rev:1;) alert tcp $HOME_NET any -> [103.59.196.150] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.59.196.150/; sid:900613107; rev:1;) alert tcp $HOME_NET any -> [74.12.147.72] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.147.72/; sid:900613108; rev:1;) alert tcp $HOME_NET any -> [190.34.103.234] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.34.103.234/; sid:900613109; rev:1;) alert tcp $HOME_NET any -> [197.14.174.197] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.14.174.197/; sid:900613110; rev:1;) alert tcp $HOME_NET any -> [116.75.63.191] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.75.63.191/; sid:900613111; rev:1;) alert tcp $HOME_NET any -> [113.193.166.223] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.193.166.223/; sid:900613112; rev:1;) alert tcp $HOME_NET any -> [41.230.178.74] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.230.178.74/; sid:900613113; rev:1;) alert tcp $HOME_NET any -> [154.246.67.87] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.246.67.87/; sid:900613114; rev:1;) alert tcp $HOME_NET any -> [197.14.73.104] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.14.73.104/; sid:900613115; rev:1;) alert tcp $HOME_NET any -> [86.142.237.226] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.142.237.226/; sid:900613116; rev:1;) alert tcp $HOME_NET any -> [181.99.55.223] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.99.55.223/; sid:900613117; rev:1;) alert tcp $HOME_NET any -> [190.135.202.177] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.135.202.177/; sid:900613118; rev:1;) alert tcp $HOME_NET any -> [201.226.214.84] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.226.214.84/; sid:900613119; rev:1;) alert tcp $HOME_NET any -> [70.29.123.212] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.29.123.212/; sid:900613120; rev:1;) alert tcp $HOME_NET any -> [102.159.177.74] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.159.177.74/; sid:900613121; rev:1;) alert tcp $HOME_NET any -> [124.149.135.47] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.149.135.47/; sid:900613122; rev:1;) alert tcp $HOME_NET any -> [60.241.116.173] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.241.116.173/; sid:900613123; rev:1;) alert tcp $HOME_NET any -> [212.70.107.56] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.70.107.56/; sid:900613124; rev:1;) alert tcp $HOME_NET any -> [189.177.64.36] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.177.64.36/; sid:900613125; rev:1;) alert tcp $HOME_NET any -> [77.126.186.251] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.126.186.251/; sid:900613126; rev:1;) alert tcp $HOME_NET any -> [105.184.159.181] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.159.181/; sid:900613127; rev:1;) alert tcp $HOME_NET any -> [103.59.196.148] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.59.196.148/; sid:900613128; rev:1;) alert tcp $HOME_NET any -> [74.14.69.105] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.14.69.105/; sid:900613129; rev:1;) alert tcp $HOME_NET any -> [86.130.9.195] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.195/; sid:900613130; rev:1;) alert tcp $HOME_NET any -> [175.138.16.106] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.138.16.106/; sid:900613131; rev:1;) alert tcp $HOME_NET any -> [102.156.234.92] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.234.92/; sid:900613132; rev:1;) alert tcp $HOME_NET any -> [116.75.63.108] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.75.63.108/; sid:900613133; rev:1;) alert tcp $HOME_NET any -> [70.48.45.207] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.48.45.207/; sid:900613134; rev:1;) alert tcp $HOME_NET any -> [79.167.223.198] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.167.223.198/; sid:900613135; rev:1;) alert tcp $HOME_NET any -> [222.119.56.246] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.119.56.246/; sid:900613136; rev:1;) alert tcp $HOME_NET any -> [49.175.72.183] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.175.72.183/; sid:900613137; rev:1;) alert tcp $HOME_NET any -> [37.189.159.245] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.189.159.245/; sid:900613138; rev:1;) alert tcp $HOME_NET any -> [212.70.107.186] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.70.107.186/; sid:900613139; rev:1;) alert tcp $HOME_NET any -> [151.62.93.95] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.62.93.95/; sid:900613140; rev:1;) alert tcp $HOME_NET any -> [203.206.78.3] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.206.78.3/; sid:900613141; rev:1;) alert tcp $HOME_NET any -> [80.183.60.189] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.183.60.189/; sid:900613142; rev:1;) alert tcp $HOME_NET any -> [212.70.98.253] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.70.98.253/; sid:900613143; rev:1;) alert tcp $HOME_NET any -> [41.98.1.155] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.98.1.155/; sid:900613144; rev:1;) alert tcp $HOME_NET any -> [83.110.222.158] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.222.158/; sid:900613145; rev:1;) alert tcp $HOME_NET any -> [157.119.85.25] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.119.85.25/; sid:900613146; rev:1;) alert tcp $HOME_NET any -> [41.62.253.128] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.62.253.128/; sid:900613147; rev:1;) alert tcp $HOME_NET any -> [74.12.146.229] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.229/; sid:900613148; rev:1;) alert tcp $HOME_NET any -> [178.152.116.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.152.116.70/; sid:900613149; rev:1;) alert tcp $HOME_NET any -> [124.122.56.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.122.56.82/; sid:900613150; rev:1;) alert tcp $HOME_NET any -> [142.184.50.134] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.184.50.134/; sid:900613151; rev:1;) alert tcp $HOME_NET any -> [86.130.9.144] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.144/; sid:900613152; rev:1;) alert tcp $HOME_NET any -> [70.27.1.161] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.27.1.161/; sid:900613153; rev:1;) alert tcp $HOME_NET any -> [66.35.121.89] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.35.121.89/; sid:900613154; rev:1;) alert tcp $HOME_NET any -> [181.170.219.140] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.170.219.140/; sid:900613155; rev:1;) alert tcp $HOME_NET any -> [79.107.141.79] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.107.141.79/; sid:900613156; rev:1;) alert tcp $HOME_NET any -> [74.12.146.145] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.145/; sid:900613157; rev:1;) alert tcp $HOME_NET any -> [47.155.2.126] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.155.2.126/; sid:900613158; rev:1;) alert tcp $HOME_NET any -> [217.165.255.231] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.255.231/; sid:900613159; rev:1;) alert tcp $HOME_NET any -> [31.188.148.239] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.188.148.239/; sid:900613160; rev:1;) alert tcp $HOME_NET any -> [201.143.52.178] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.143.52.178/; sid:900613161; rev:1;) alert tcp $HOME_NET any -> [103.248.119.82] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.248.119.82/; sid:900613162; rev:1;) alert tcp $HOME_NET any -> [92.97.115.25] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.97.115.25/; sid:900613163; rev:1;) alert tcp $HOME_NET any -> [39.49.232.142] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.232.142/; sid:900613164; rev:1;) alert tcp $HOME_NET any -> [193.120.79.176] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.120.79.176/; sid:900613165; rev:1;) alert tcp $HOME_NET any -> [117.202.202.224] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.202.202.224/; sid:900613166; rev:1;) alert tcp $HOME_NET any -> [66.35.102.37] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.35.102.37/; sid:900613167; rev:1;) alert tcp $HOME_NET any -> [197.89.10.195] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.10.195/; sid:900613168; rev:1;) alert tcp $HOME_NET any -> [70.27.1.254] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.27.1.254/; sid:900613169; rev:1;) alert tcp $HOME_NET any -> [185.164.186.5] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.186.5/; sid:900613170; rev:1;) alert tcp $HOME_NET any -> [37.186.59.120] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.186.59.120/; sid:900613171; rev:1;) alert tcp $HOME_NET any -> [86.183.251.253] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.183.251.253/; sid:900613172; rev:1;) alert tcp $HOME_NET any -> [184.146.66.60] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.146.66.60/; sid:900613173; rev:1;) alert tcp $HOME_NET any -> [173.206.155.108] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.206.155.108/; sid:900613174; rev:1;) alert tcp $HOME_NET any -> [97.93.196.74] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.93.196.74/; sid:900613175; rev:1;) alert tcp $HOME_NET any -> [92.17.88.70] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.17.88.70/; sid:900613176; rev:1;) alert tcp $HOME_NET any -> [74.12.146.117] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.117/; sid:900613177; rev:1;) alert tcp $HOME_NET any -> [103.248.119.83] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.248.119.83/; sid:900613178; rev:1;) alert tcp $HOME_NET any -> [103.144.200.90] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.200.90/; sid:900613179; rev:1;) alert tcp $HOME_NET any -> [201.143.11.225] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.143.11.225/; sid:900613180; rev:1;) alert tcp $HOME_NET any -> [117.200.223.71] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.200.223.71/; sid:900613181; rev:1;) alert tcp $HOME_NET any -> [197.26.146.238] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.26.146.238/; sid:900613182; rev:1;) alert tcp $HOME_NET any -> [86.222.92.165] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.222.92.165/; sid:900613183; rev:1;) alert tcp $HOME_NET any -> [78.18.244.225] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.18.244.225/; sid:900613184; rev:1;) alert tcp $HOME_NET any -> [105.184.115.119] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.115.119/; sid:900613185; rev:1;) alert tcp $HOME_NET any -> [167.56.123.186] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.56.123.186/; sid:900613186; rev:1;) alert tcp $HOME_NET any -> [87.223.95.32] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.223.95.32/; sid:900613187; rev:1;) alert tcp $HOME_NET any -> [189.222.59.28] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.222.59.28/; sid:900613188; rev:1;) alert tcp $HOME_NET any -> [197.86.195.150] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.86.195.150/; sid:900613189; rev:1;) alert tcp $HOME_NET any -> [79.43.141.100] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.43.141.100/; sid:900613190; rev:1;) alert tcp $HOME_NET any -> [190.203.35.172] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.203.35.172/; sid:900613191; rev:1;) alert tcp $HOME_NET any -> [116.75.63.9] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.75.63.9/; sid:900613192; rev:1;) alert tcp $HOME_NET any -> [2.51.46.63] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.51.46.63/; sid:900613193; rev:1;) alert tcp $HOME_NET any -> [154.247.0.85] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.247.0.85/; sid:900613194; rev:1;) alert tcp $HOME_NET any -> [41.62.132.48] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.62.132.48/; sid:900613195; rev:1;) alert tcp $HOME_NET any -> [37.186.55.179] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.186.55.179/; sid:900613196; rev:1;) alert tcp $HOME_NET any -> [74.12.146.4] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.4/; sid:900613197; rev:1;) alert tcp $HOME_NET any -> [103.248.119.84] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.248.119.84/; sid:900613198; rev:1;) alert tcp $HOME_NET any -> [197.26.178.164] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.26.178.164/; sid:900613199; rev:1;) alert tcp $HOME_NET any -> [89.32.159.148] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.159.148/; sid:900613200; rev:1;) alert tcp $HOME_NET any -> [80.76.163.185] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.76.163.185/; sid:900613201; rev:1;) alert tcp $HOME_NET any -> [39.49.244.206] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.244.206/; sid:900613202; rev:1;) alert tcp $HOME_NET any -> [105.186.128.2] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.128.2/; sid:900613203; rev:1;) alert tcp $HOME_NET any -> [161.142.107.120] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.107.120/; sid:900613204; rev:1;) alert tcp $HOME_NET any -> [197.89.10.82] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.10.82/; sid:900613205; rev:1;) alert tcp $HOME_NET any -> [217.165.26.12] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.26.12/; sid:900613206; rev:1;) alert tcp $HOME_NET any -> [103.248.119.85] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.248.119.85/; sid:900613207; rev:1;) alert tcp $HOME_NET any -> [109.153.10.32] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.153.10.32/; sid:900613208; rev:1;) alert tcp $HOME_NET any -> [142.117.161.238] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.117.161.238/; sid:900613209; rev:1;) alert tcp $HOME_NET any -> [72.4.96.234] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.4.96.234/; sid:900613210; rev:1;) alert tcp $HOME_NET any -> [212.70.98.97] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.70.98.97/; sid:900613211; rev:1;) alert tcp $HOME_NET any -> [102.157.165.228] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.157.165.228/; sid:900613212; rev:1;) alert tcp $HOME_NET any -> [151.65.75.108] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.65.75.108/; sid:900613213; rev:1;) alert tcp $HOME_NET any -> [81.129.53.106] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.129.53.106/; sid:900613214; rev:1;) alert tcp $HOME_NET any -> [70.51.134.178] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.51.134.178/; sid:900613215; rev:1;) alert tcp $HOME_NET any -> [74.12.146.117] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.117/; sid:900613216; rev:1;) alert tcp $HOME_NET any -> [41.62.161.46] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.62.161.46/; sid:900613217; rev:1;) alert tcp $HOME_NET any -> [201.130.126.159] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.130.126.159/; sid:900613218; rev:1;) alert tcp $HOME_NET any -> [77.126.0.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.126.0.168/; sid:900613219; rev:1;) alert tcp $HOME_NET any -> [39.49.48.18] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.48.18/; sid:900613220; rev:1;) alert tcp $HOME_NET any -> [45.65.49.230] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.65.49.230/; sid:900613221; rev:1;) alert tcp $HOME_NET any -> [100.4.182.242] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.4.182.242/; sid:900613222; rev:1;) alert tcp $HOME_NET any -> [86.96.75.225] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.96.75.225/; sid:900613223; rev:1;) alert tcp $HOME_NET any -> [200.91.114.90] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.91.114.90/; sid:900613224; rev:1;) alert tcp $HOME_NET any -> [197.87.143.210] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.87.143.210/; sid:900613225; rev:1;) alert tcp $HOME_NET any -> [31.53.29.199] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.29.199/; sid:900613226; rev:1;) alert tcp $HOME_NET any -> [113.193.95.237] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.193.95.237/; sid:900613227; rev:1;) alert tcp $HOME_NET any -> [66.35.127.81] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.35.127.81/; sid:900613228; rev:1;) alert tcp $HOME_NET any -> [197.2.159.74] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.2.159.74/; sid:900613229; rev:1;) alert tcp $HOME_NET any -> [75.156.126.33] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.156.126.33/; sid:900613230; rev:1;) alert tcp $HOME_NET any -> [46.246.232.45] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.246.232.45/; sid:900613231; rev:1;) alert tcp $HOME_NET any -> [74.12.146.207] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.207/; sid:900613232; rev:1;) alert tcp $HOME_NET any -> [117.202.205.136] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.202.205.136/; sid:900613233; rev:1;) alert tcp $HOME_NET any -> [86.222.77.167] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.222.77.167/; sid:900613234; rev:1;) alert tcp $HOME_NET any -> [201.227.16.142] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.227.16.142/; sid:900613235; rev:1;) alert tcp $HOME_NET any -> [113.193.166.34] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.193.166.34/; sid:900613236; rev:1;) alert tcp $HOME_NET any -> [174.95.144.112] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.95.144.112/; sid:900613237; rev:1;) alert tcp $HOME_NET any -> [45.62.75.212] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.62.75.212/; sid:900613238; rev:1;) alert tcp $HOME_NET any -> [181.99.46.114] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.99.46.114/; sid:900613239; rev:1;) alert tcp $HOME_NET any -> [197.2.49.178] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.2.49.178/; sid:900613240; rev:1;) alert tcp $HOME_NET any -> [77.85.160.38] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.85.160.38/; sid:900613241; rev:1;) alert tcp $HOME_NET any -> [200.109.192.34] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.109.192.34/; sid:900613242; rev:1;) alert tcp $HOME_NET any -> [74.12.146.207] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.207/; sid:900613243; rev:1;) alert tcp $HOME_NET any -> [109.156.62.134] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.156.62.134/; sid:900613244; rev:1;) alert tcp $HOME_NET any -> [178.153.13.38] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.153.13.38/; sid:900613245; rev:1;) alert tcp $HOME_NET any -> [175.110.171.98] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.110.171.98/; sid:900613246; rev:1;) alert tcp $HOME_NET any -> [197.87.135.228] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.87.135.228/; sid:900613247; rev:1;) alert tcp $HOME_NET any -> [212.69.141.196] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.69.141.196/; sid:900613248; rev:1;) alert tcp $HOME_NET any -> [102.156.115.75] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.115.75/; sid:900613249; rev:1;) alert tcp $HOME_NET any -> [102.156.6.123] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.6.123/; sid:900613250; rev:1;) alert tcp $HOME_NET any -> [91.82.133.181] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.82.133.181/; sid:900613251; rev:1;) alert tcp $HOME_NET any -> [64.229.199.64] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.229.199.64/; sid:900613252; rev:1;) alert tcp $HOME_NET any -> [31.53.29.151] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.29.151/; sid:900613253; rev:1;) alert tcp $HOME_NET any -> [67.70.22.155] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.70.22.155/; sid:900613254; rev:1;) alert tcp $HOME_NET any -> [222.253.247.103] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.253.247.103/; sid:900613255; rev:1;) alert tcp $HOME_NET any -> [113.53.154.36] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.53.154.36/; sid:900613256; rev:1;) alert tcp $HOME_NET any -> [161.142.99.126] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.99.126/; sid:900613257; rev:1;) alert tcp $HOME_NET any -> [209.93.207.140] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.93.207.140/; sid:900613258; rev:1;) alert tcp $HOME_NET any -> [121.209.140.5] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.209.140.5/; sid:900613259; rev:1;) alert tcp $HOME_NET any -> [141.164.210.209] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.164.210.209/; sid:900613260; rev:1;) alert tcp $HOME_NET any -> [190.141.11.17] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.141.11.17/; sid:900613261; rev:1;) alert tcp $HOME_NET any -> [80.180.209.106] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.180.209.106/; sid:900613262; rev:1;) alert tcp $HOME_NET any -> [66.35.121.181] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.35.121.181/; sid:900613263; rev:1;) alert tcp $HOME_NET any -> [186.73.231.11] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.73.231.11/; sid:900613264; rev:1;) alert tcp $HOME_NET any -> [64.237.72.129] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.237.72.129/; sid:900613265; rev:1;) alert tcp $HOME_NET any -> [31.53.29.186] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.29.186/; sid:900613266; rev:1;) alert tcp $HOME_NET any -> [173.206.129.159] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.206.129.159/; sid:900613267; rev:1;) alert tcp $HOME_NET any -> [105.184.99.98] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.99.98/; sid:900613268; rev:1;) alert tcp $HOME_NET any -> [197.83.246.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.83.246.70/; sid:900613269; rev:1;) alert tcp $HOME_NET any -> [74.12.146.93] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.93/; sid:900613270; rev:1;) alert tcp $HOME_NET any -> [37.210.168.96] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.168.96/; sid:900613271; rev:1;) alert tcp $HOME_NET any -> [45.243.231.247] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.243.231.247/; sid:900613272; rev:1;) alert tcp $HOME_NET any -> [86.98.213.216] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.213.216/; sid:900613273; rev:1;) alert tcp $HOME_NET any -> [161.142.98.188] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.142.98.188/; sid:900613274; rev:1;) alert tcp $HOME_NET any -> [117.195.27.157] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.195.27.157/; sid:900613275; rev:1;) alert tcp $HOME_NET any -> [86.130.9.139] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.139/; sid:900613276; rev:1;) alert tcp $HOME_NET any -> [102.156.192.103] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.156.192.103/; sid:900613277; rev:1;) alert tcp $HOME_NET any -> [154.247.76.104] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.247.76.104/; sid:900613278; rev:1;) alert tcp $HOME_NET any -> [86.153.18.118] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.153.18.118/; sid:900613279; rev:1;) alert tcp $HOME_NET any -> [62.66.147.220] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.66.147.220/; sid:900613280; rev:1;) alert tcp $HOME_NET any -> [31.185.54.53] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.185.54.53/; sid:900613281; rev:1;) alert tcp $HOME_NET any -> [181.167.166.8] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.167.166.8/; sid:900613282; rev:1;) alert tcp $HOME_NET any -> [190.249.211.106] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.249.211.106/; sid:900613283; rev:1;) alert tcp $HOME_NET any -> [87.1.202.127] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.1.202.127/; sid:900613284; rev:1;) alert tcp $HOME_NET any -> [174.114.222.23] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.114.222.23/; sid:900613285; rev:1;) alert tcp $HOME_NET any -> [190.33.214.172] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.33.214.172/; sid:900613286; rev:1;) alert tcp $HOME_NET any -> [70.29.120.52] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.29.120.52/; sid:900613287; rev:1;) alert tcp $HOME_NET any -> [197.87.63.121] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.87.63.121/; sid:900613288; rev:1;) alert tcp $HOME_NET any -> [103.172.227.110] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.172.227.110/; sid:900613289; rev:1;) alert tcp $HOME_NET any -> [142.115.159.127] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.115.159.127/; sid:900613290; rev:1;) alert tcp $HOME_NET any -> [45.62.79.227] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.62.79.227/; sid:900613291; rev:1;) alert tcp $HOME_NET any -> [82.0.180.5] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.0.180.5/; sid:900613292; rev:1;) alert tcp $HOME_NET any -> [74.12.146.246] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.246/; sid:900613293; rev:1;) alert tcp $HOME_NET any -> [70.27.1.248] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.27.1.248/; sid:900613294; rev:1;) alert tcp $HOME_NET any -> [190.33.20.235] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.33.20.235/; sid:900613295; rev:1;) alert tcp $HOME_NET any -> [92.186.137.74] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.186.137.74/; sid:900613296; rev:1;) alert tcp $HOME_NET any -> [79.19.146.107] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.19.146.107/; sid:900613297; rev:1;) alert tcp $HOME_NET any -> [141.164.164.166] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.164.164.166/; sid:900613298; rev:1;) alert tcp $HOME_NET any -> [86.168.131.44] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.168.131.44/; sid:900613299; rev:1;) alert tcp $HOME_NET any -> [74.12.146.246] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.246/; sid:900613300; rev:1;) alert tcp $HOME_NET any -> [82.205.93.129] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.205.93.129/; sid:900613301; rev:1;) alert tcp $HOME_NET any -> [86.150.32.228] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.150.32.228/; sid:900613302; rev:1;) alert tcp $HOME_NET any -> [167.56.123.176] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.56.123.176/; sid:900613303; rev:1;) alert tcp $HOME_NET any -> [74.12.146.246] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.246/; sid:900613304; rev:1;) alert tcp $HOME_NET any -> [201.226.226.88] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.226.226.88/; sid:900613305; rev:1;) alert tcp $HOME_NET any -> [86.178.219.105] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.178.219.105/; sid:900613306; rev:1;) alert tcp $HOME_NET any -> [103.252.6.88] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.252.6.88/; sid:900613307; rev:1;) alert tcp $HOME_NET any -> [181.118.183.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.99/; sid:900613308; rev:1;) alert tcp $HOME_NET any -> [171.96.205.159] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.96.205.159/; sid:900613309; rev:1;) alert tcp $HOME_NET any -> [82.14.84.152] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.14.84.152/; sid:900613310; rev:1;) alert tcp $HOME_NET any -> [86.130.9.155] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.155/; sid:900613311; rev:1;) alert tcp $HOME_NET any -> [31.117.180.203] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.117.180.203/; sid:900613312; rev:1;) alert tcp $HOME_NET any -> [41.227.197.112] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.227.197.112/; sid:900613313; rev:1;) alert tcp $HOME_NET any -> [73.48.4.128] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.48.4.128/; sid:900613314; rev:1;) alert tcp $HOME_NET any -> [41.98.242.3] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.98.242.3/; sid:900613315; rev:1;) alert tcp $HOME_NET any -> [82.2.136.141] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.2.136.141/; sid:900613316; rev:1;) alert tcp $HOME_NET any -> [145.82.132.49] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.82.132.49/; sid:900613317; rev:1;) alert tcp $HOME_NET any -> [142.198.147.146] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.198.147.146/; sid:900613318; rev:1;) alert tcp $HOME_NET any -> [74.12.146.220] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.220/; sid:900613319; rev:1;) alert tcp $HOME_NET any -> [86.99.51.64] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.99.51.64/; sid:900613320; rev:1;) alert tcp $HOME_NET any -> [116.75.63.156] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.75.63.156/; sid:900613321; rev:1;) alert tcp $HOME_NET any -> [113.193.95.178] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.193.95.178/; sid:900613322; rev:1;) alert tcp $HOME_NET any -> [197.87.135.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.87.135.31/; sid:900613323; rev:1;) alert tcp $HOME_NET any -> [175.110.196.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.110.196.31/; sid:900613324; rev:1;) alert tcp $HOME_NET any -> [151.48.178.212] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.48.178.212/; sid:900613325; rev:1;) alert tcp $HOME_NET any -> [190.135.219.189] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.135.219.189/; sid:900613326; rev:1;) alert tcp $HOME_NET any -> [92.17.93.207] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.17.93.207/; sid:900613327; rev:1;) alert tcp $HOME_NET any -> [105.184.108.41] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.108.41/; sid:900613328; rev:1;) alert tcp $HOME_NET any -> [200.90.71.222] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.90.71.222/; sid:900613329; rev:1;) alert tcp $HOME_NET any -> [86.165.15.246] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.165.15.246/; sid:900613330; rev:1;) alert tcp $HOME_NET any -> [67.70.18.202] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.70.18.202/; sid:900613331; rev:1;) alert tcp $HOME_NET any -> [85.113.124.240] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.113.124.240/; sid:900613332; rev:1;) alert tcp $HOME_NET any -> [189.253.228.150] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.228.150/; sid:900613333; rev:1;) alert tcp $HOME_NET any -> [78.159.147.1] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.159.147.1/; sid:900613334; rev:1;) alert tcp $HOME_NET any -> [70.174.49.244] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.174.49.244/; sid:900613335; rev:1;) alert tcp $HOME_NET any -> [201.143.8.193] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.143.8.193/; sid:900613336; rev:1;) alert tcp $HOME_NET any -> [142.198.125.203] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.198.125.203/; sid:900613337; rev:1;) alert tcp $HOME_NET any -> [31.117.160.214] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.117.160.214/; sid:900613338; rev:1;) alert tcp $HOME_NET any -> [102.159.81.188] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.159.81.188/; sid:900613339; rev:1;) alert tcp $HOME_NET any -> [86.176.237.198] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.176.237.198/; sid:900613340; rev:1;) alert tcp $HOME_NET any -> [190.249.221.53] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.249.221.53/; sid:900613341; rev:1;) alert tcp $HOME_NET any -> [74.12.146.236] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.12.146.236/; sid:900613342; rev:1;) alert tcp $HOME_NET any -> [86.130.9.219] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.130.9.219/; sid:900613343; rev:1;) alert tcp $HOME_NET any -> [197.89.10.236] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.10.236/; sid:900613344; rev:1;) alert tcp $HOME_NET any -> [41.97.47.7] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.97.47.7/; sid:900613345; rev:1;) alert tcp $HOME_NET any -> [92.9.44.234] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.9.44.234/; sid:900613346; rev:1;) alert tcp $HOME_NET any -> [78.152.198.132] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.152.198.132/; sid:900613347; rev:1;) alert tcp $HOME_NET any -> [113.193.95.229] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.193.95.229/; sid:900613348; rev:1;) alert tcp $HOME_NET any -> [190.34.24.159] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.34.24.159/; sid:900613349; rev:1;) alert tcp $HOME_NET any -> [148.153.34.82] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.153.34.82/; sid:900613350; rev:1;) alert tcp $HOME_NET any -> [135.125.124.72] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/135.125.124.72/; sid:900613351; rev:1;) alert tcp $HOME_NET any -> [45.182.189.107] 443 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.182.189.107/; sid:900613352; rev:1;) alert tcp $HOME_NET any -> [104.243.45.170] 2222 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.243.45.170/; sid:900613353; rev:1;) alert tcp $HOME_NET any -> [38.242.240.28] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.242.240.28/; sid:900613355; rev:1;) alert tcp $HOME_NET any -> [102.129.139.65] 32999 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.129.139.65/; sid:900613358; rev:1;) alert tcp $HOME_NET any -> [45.182.189.105] 443 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.182.189.105/; sid:900613360; rev:1;) alert tcp $HOME_NET any -> [185.106.94.174] 5000 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.106.94.174/; sid:900613361; rev:1;) alert tcp $HOME_NET any -> [88.214.27.74] 443 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.214.27.74/; sid:900613362; rev:1;) alert tcp $HOME_NET any -> [78.128.112.208] 443 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.128.112.208/; sid:900613363; rev:1;) alert tcp $HOME_NET any -> [80.85.140.152] 5938 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.85.140.152/; sid:900613364; rev:1;) alert tcp $HOME_NET any -> [185.106.94.177] 13721 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.106.94.177/; sid:900613365; rev:1;) alert tcp $HOME_NET any -> [80.85.140.43] 9785 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.85.140.43/; sid:900613366; rev:1;) alert tcp $HOME_NET any -> [185.106.94.152] 13720 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.106.94.152/; sid:900613367; rev:1;) alert tcp $HOME_NET any -> [91.215.85.216] 443 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.215.85.216/; sid:900613368; rev:1;) alert tcp $HOME_NET any -> [91.215.85.154] 443 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.215.85.154/; sid:900613369; rev:1;) alert tcp $HOME_NET any -> [91.215.85.197] 443 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.215.85.197/; sid:900613370; rev:1;) alert tcp $HOME_NET any -> [109.107.182.10] 443 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.107.182.10/; sid:900613371; rev:1;) alert tcp $HOME_NET any -> [109.107.182.11] 443 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.107.182.11/; sid:900613372; rev:1;) alert tcp $HOME_NET any -> [15.235.143.190] 2224 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.235.143.190/; sid:900613374; rev:1;) alert tcp $HOME_NET any -> [155.138.156.94] 5243 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/155.138.156.94/; sid:900613375; rev:1;) alert tcp $HOME_NET any -> [51.68.146.19] 5242 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.146.19/; sid:900613376; rev:1;) alert tcp $HOME_NET any -> [154.221.30.136] 13724 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.221.30.136/; sid:900613377; rev:1;) alert tcp $HOME_NET any -> [154.92.19.139] 2222 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.92.19.139/; sid:900613378; rev:1;) alert tcp $HOME_NET any -> [139.99.216.90] 13720 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.99.216.90/; sid:900613379; rev:1;) alert tcp $HOME_NET any -> [156.251.137.134] 5000 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.251.137.134/; sid:900613380; rev:1;) alert tcp $HOME_NET any -> [154.12.252.84] 23399 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.12.252.84/; sid:900613381; rev:1;) alert tcp $HOME_NET any -> [85.215.218.128] 5243 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.215.218.128/; sid:900613382; rev:1;) alert tcp $HOME_NET any -> [103.231.93.15] 5631 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.231.93.15/; sid:900613383; rev:1;) alert tcp $HOME_NET any -> [196.218.123.202] 13783 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.218.123.202/; sid:900613384; rev:1;) alert tcp $HOME_NET any -> [45.33.76.163] 2223 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.76.163/; sid:900613386; rev:1;) alert tcp $HOME_NET any -> [139.177.198.199] 2226 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.177.198.199/; sid:900613387; rev:1;) alert tcp $HOME_NET any -> [172.234.29.13] 2224 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.234.29.13/; sid:900613388; rev:1;) alert tcp $HOME_NET any -> [172.233.187.145] 2226 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.233.187.145/; sid:900613389; rev:1;) alert tcp $HOME_NET any -> [172.233.186.50] 5632 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.233.186.50/; sid:900613390; rev:1;) alert tcp $HOME_NET any -> [198.244.141.4] 9785 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.244.141.4/; sid:900613391; rev:1;) alert tcp $HOME_NET any -> [176.58.102.36] 2225 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.58.102.36/; sid:900613392; rev:1;) alert tcp $HOME_NET any -> [217.69.8.229] 13782 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.69.8.229/; sid:900613393; rev:1;) alert tcp $HOME_NET any -> [45.79.147.119] 9785 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.147.119/; sid:900613394; rev:1;) alert tcp $HOME_NET any -> [139.144.215.192] 13785 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.144.215.192/; sid:900613395; rev:1;) alert tcp $HOME_NET any -> [172.232.24.58] 2226 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.24.58/; sid:900613396; rev:1;) alert tcp $HOME_NET any -> [154.61.75.156] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.61.75.156/; sid:900613397; rev:1;) alert tcp $HOME_NET any -> [216.128.176.211] 2222 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.128.176.211/; sid:900613398; rev:1;) alert tcp $HOME_NET any -> [139.144.31.103] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.144.31.103/; sid:900613399; rev:1;) alert tcp $HOME_NET any -> [45.79.174.92] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.174.92/; sid:900613400; rev:1;) alert tcp $HOME_NET any -> [185.106.94.167] 5631 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.106.94.167/; sid:900613401; rev:1;) alert tcp $HOME_NET any -> [85.209.11.185] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.209.11.185/; sid:900613402; rev:1;) alert tcp $HOME_NET any -> [65.20.82.17] 5938 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.20.82.17/; sid:900613403; rev:1;) alert tcp $HOME_NET any -> [172.234.16.175] 2083 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.234.16.175/; sid:900613404; rev:1;) alert tcp $HOME_NET any -> [104.200.28.75] 2222 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.200.28.75/; sid:900613406; rev:1;) alert tcp $HOME_NET any -> [51.68.147.114] 2083 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.147.114/; sid:900613408; rev:1;) alert tcp $HOME_NET any -> [50.116.54.138] 13724 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.54.138/; sid:900613409; rev:1;) alert tcp $HOME_NET any -> [15.235.47.80] 23399 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.235.47.80/; sid:900613410; rev:1;) alert tcp $HOME_NET any -> [51.195.232.97] 13782 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.195.232.97/; sid:900613411; rev:1;) alert tcp $HOME_NET any -> [15.235.45.155] 2221 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.235.45.155/; sid:900613412; rev:1;) alert tcp $HOME_NET any -> [51.79.143.215] 13783 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.79.143.215/; sid:900613413; rev:1;) alert tcp $HOME_NET any -> [51.68.144.135] 2083 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.144.135/; sid:900613414; rev:1;) alert tcp $HOME_NET any -> [85.209.11.185] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.209.11.185/; sid:900613415; rev:1;) alert tcp $HOME_NET any -> [172.233.154.98] 13785 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.233.154.98/; sid:900613416; rev:1;) alert tcp $HOME_NET any -> [15.235.47.206] 13783 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.235.47.206/; sid:900613417; rev:1;) alert tcp $HOME_NET any -> [15.235.202.109] 2226 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.235.202.109/; sid:900613418; rev:1;) alert tcp $HOME_NET any -> [45.33.85.73] 13721 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.85.73/; sid:900613419; rev:1;) alert tcp $HOME_NET any -> [172.233.185.220] 5242 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.233.185.220/; sid:900613420; rev:1;) alert tcp $HOME_NET any -> [104.237.145.83] 2083 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.237.145.83/; sid:900613421; rev:1;) alert tcp $HOME_NET any -> [15.235.44.231] 5938 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.235.44.231/; sid:900613422; rev:1;) alert tcp $HOME_NET any -> [188.26.127.4] 13785 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.26.127.4/; sid:900613423; rev:1;) alert tcp $HOME_NET any -> [210.243.8.247] 23399 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.243.8.247/; sid:900613424; rev:1;) alert tcp $HOME_NET any -> [45.32.140.39] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.32.140.39/; sid:900613425; rev:1;) alert tcp $HOME_NET any -> [167.179.103.206] 2083 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.179.103.206/; sid:900613426; rev:1;) alert tcp $HOME_NET any -> [95.179.141.41] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.179.141.41/; sid:900613427; rev:1;) alert tcp $HOME_NET any -> [136.244.98.80] 13783 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.244.98.80/; sid:900613428; rev:1;) alert tcp $HOME_NET any -> [45.76.103.152] 13720 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.103.152/; sid:900613429; rev:1;) alert tcp $HOME_NET any -> [207.246.111.127] 13786 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.246.111.127/; sid:900613430; rev:1;) alert tcp $HOME_NET any -> [149.248.53.65] 2221 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.248.53.65/; sid:900613431; rev:1;) alert tcp $HOME_NET any -> [158.247.246.182] 2226 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.247.246.182/; sid:900613432; rev:1;) alert tcp $HOME_NET any -> [149.28.49.170] 23399 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.49.170/; sid:900613433; rev:1;) alert tcp $HOME_NET any -> [65.20.77.19] 5242 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.20.77.19/; sid:900613434; rev:1;) alert tcp $HOME_NET any -> [154.12.255.254] 23399 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.12.255.254/; sid:900613435; rev:1;) alert tcp $HOME_NET any -> [158.247.215.68] 2225 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.247.215.68/; sid:900613436; rev:1;) alert tcp $HOME_NET any -> [95.179.206.77] 13782 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.179.206.77/; sid:900613437; rev:1;) alert tcp $HOME_NET any -> [217.69.14.55] 13724 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.69.14.55/; sid:900613438; rev:1;) alert tcp $HOME_NET any -> [95.179.182.147] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.179.182.147/; sid:900613439; rev:1;) alert tcp $HOME_NET any -> [141.164.56.189] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.164.56.189/; sid:900613440; rev:1;) alert tcp $HOME_NET any -> [91.215.85.154] 60859 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.215.85.154/; sid:900613441; rev:1;) alert tcp $HOME_NET any -> [70.34.223.131] 5938 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.34.223.131/; sid:900613442; rev:1;) alert tcp $HOME_NET any -> [139.180.168.216] 13786 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.180.168.216/; sid:900613443; rev:1;) alert tcp $HOME_NET any -> [70.34.242.159] 5243 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.34.242.159/; sid:900613444; rev:1;) alert tcp $HOME_NET any -> [95.179.214.49] 5242 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.179.214.49/; sid:900613445; rev:1;) alert tcp $HOME_NET any -> [167.179.100.211] 2221 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.179.100.211/; sid:900613446; rev:1;) alert tcp $HOME_NET any -> [45.32.232.31] 13782 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.32.232.31/; sid:900613447; rev:1;) alert tcp $HOME_NET any -> [158.247.196.155] 9785 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.247.196.155/; sid:900613448; rev:1;) alert tcp $HOME_NET any -> [45.33.69.35] 5242 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.69.35/; sid:900613449; rev:1;) alert tcp $HOME_NET any -> [155.138.132.163] 13786 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/155.138.132.163/; sid:900613450; rev:1;) alert tcp $HOME_NET any -> [172.232.189.83] 5243 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.189.83/; sid:900613451; rev:1;) alert tcp $HOME_NET any -> [172.104.12.76] 5242 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.104.12.76/; sid:900613452; rev:1;) alert tcp $HOME_NET any -> [97.107.131.224] 13782 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.107.131.224/; sid:900613453; rev:1;) alert tcp $HOME_NET any -> [172.232.189.84] 23399 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.189.84/; sid:900613454; rev:1;) alert tcp $HOME_NET any -> [172.233.156.100] 13721 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.233.156.100/; sid:900613455; rev:1;) alert tcp $HOME_NET any -> [207.148.93.23] 2221 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.148.93.23/; sid:900613456; rev:1;) alert tcp $HOME_NET any -> [64.176.190.166] 2222 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.176.190.166/; sid:900613457; rev:1;) alert tcp $HOME_NET any -> [45.32.244.94] 9785 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.32.244.94/; sid:900613458; rev:1;) alert tcp $HOME_NET any -> [46.250.241.188] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.250.241.188/; sid:900613459; rev:1;) alert tcp $HOME_NET any -> [158.247.253.155] 2225 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.247.253.155/; sid:900613460; rev:1;) alert tcp $HOME_NET any -> [139.180.216.25] 2967 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.180.216.25/; sid:900613461; rev:1;) alert tcp $HOME_NET any -> [70.34.209.101] 13720 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.34.209.101/; sid:900613462; rev:1;) alert tcp $HOME_NET any -> [137.220.55.190] 2223 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.220.55.190/; sid:900613463; rev:1;) alert tcp $HOME_NET any -> [199.247.15.68] 5938 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.247.15.68/; sid:900613467; rev:1;) alert tcp $HOME_NET any -> [109.107.182.10] 64876 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.107.182.10/; sid:900613469; rev:1;) alert tcp $HOME_NET any -> [161.97.97.181] 2083 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.97.97.181/; sid:900613470; rev:1;) alert tcp $HOME_NET any -> [46.250.241.197] 5000 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.250.241.197/; sid:900613471; rev:1;) alert tcp $HOME_NET any -> [158.220.90.198] 2083 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.220.90.198/; sid:900613472; rev:1;) alert tcp $HOME_NET any -> [46.250.241.191] 13721 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.250.241.191/; sid:900613473; rev:1;) alert tcp $HOME_NET any -> [45.137.192.84] 2223 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.137.192.84/; sid:900613474; rev:1;) alert tcp $HOME_NET any -> [64.176.218.254] 9785 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.176.218.254/; sid:900613475; rev:1;) alert tcp $HOME_NET any -> [64.176.225.21] 2225 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.176.225.21/; sid:900613476; rev:1;) alert tcp $HOME_NET any -> [65.20.74.26] 2221 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.20.74.26/; sid:900613477; rev:1;) alert tcp $HOME_NET any -> [161.97.98.95] 2083 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.97.98.95/; sid:900613478; rev:1;) alert tcp $HOME_NET any -> [46.250.242.53] 5000 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.250.242.53/; sid:900613479; rev:1;) alert tcp $HOME_NET any -> [31.220.96.162] 2224 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.220.96.162/; sid:900613480; rev:1;) alert tcp $HOME_NET any -> [45.137.192.63] 23399 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.137.192.63/; sid:900613481; rev:1;) alert tcp $HOME_NET any -> [158.220.103.150] 5632 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.220.103.150/; sid:900613482; rev:1;) alert tcp $HOME_NET any -> [158.220.90.199] 2083 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.220.90.199/; sid:900613483; rev:1;) alert tcp $HOME_NET any -> [154.38.184.5] 9785 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.38.184.5/; sid:900613484; rev:1;) alert tcp $HOME_NET any -> [65.20.82.254] 5243 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.20.82.254/; sid:900613485; rev:1;) alert tcp $HOME_NET any -> [155.138.203.158] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/155.138.203.158/; sid:900613486; rev:1;) alert tcp $HOME_NET any -> [66.42.80.169] 5631 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.42.80.169/; sid:900613487; rev:1;) alert tcp $HOME_NET any -> [109.123.227.50] 13782 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.123.227.50/; sid:900613488; rev:1;) alert tcp $HOME_NET any -> [109.123.227.54] 13785 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.123.227.54/; sid:900613489; rev:1;) alert tcp $HOME_NET any -> [65.20.98.24] 13783 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.20.98.24/; sid:900613490; rev:1;) alert tcp $HOME_NET any -> [139.180.185.171] 2222 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.180.185.171/; sid:900613491; rev:1;) alert tcp $HOME_NET any -> [64.176.68.223] 13785 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.176.68.223/; sid:900613492; rev:1;) alert tcp $HOME_NET any -> [172.232.175.59] 5938 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.175.59/; sid:900613493; rev:1;) alert tcp $HOME_NET any -> [172.232.164.159] 5632 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.164.159/; sid:900613494; rev:1;) alert tcp $HOME_NET any -> [95.179.212.178] 13782 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.179.212.178/; sid:900613495; rev:1;) alert tcp $HOME_NET any -> [172.232.163.208] 2224 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.163.208/; sid:900613496; rev:1;) alert tcp $HOME_NET any -> [149.28.17.176] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.17.176/; sid:900613497; rev:1;) alert tcp $HOME_NET any -> [64.176.66.137] 5000 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.176.66.137/; sid:900613498; rev:1;) alert tcp $HOME_NET any -> [45.32.253.21] 2083 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.32.253.21/; sid:900613499; rev:1;) alert tcp $HOME_NET any -> [172.232.164.77] 5000 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.164.77/; sid:900613500; rev:1;) alert tcp $HOME_NET any -> [199.247.8.136] 13786 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.247.8.136/; sid:900613501; rev:1;) alert tcp $HOME_NET any -> [172.232.163.111] 5938 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.163.111/; sid:900613502; rev:1;) alert tcp $HOME_NET any -> [107.191.47.85] 5243 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.191.47.85/; sid:900613503; rev:1;) alert tcp $HOME_NET any -> [192.248.183.93] 5632 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.248.183.93/; sid:900613504; rev:1;) alert tcp $HOME_NET any -> [172.232.173.219] 5938 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.173.219/; sid:900613505; rev:1;) alert tcp $HOME_NET any -> [57.128.108.132] 13785 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/57.128.108.132/; sid:900613506; rev:1;) alert tcp $HOME_NET any -> [172.232.162.198] 13721 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.162.198/; sid:900613507; rev:1;) alert tcp $HOME_NET any -> [172.232.186.251] 5632 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.186.251/; sid:900613508; rev:1;) alert tcp $HOME_NET any -> [57.128.83.129] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/57.128.83.129/; sid:900613509; rev:1;) alert tcp $HOME_NET any -> [51.83.253.102] 9785 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.253.102/; sid:900613510; rev:1;) alert tcp $HOME_NET any -> [57.128.164.11] 5242 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/57.128.164.11/; sid:900613511; rev:1;) alert tcp $HOME_NET any -> [141.95.108.252] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.95.108.252/; sid:900613512; rev:1;) alert tcp $HOME_NET any -> [57.128.103.99] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/57.128.103.99/; sid:900613513; rev:1;) alert tcp $HOME_NET any -> [54.37.79.82] 2223 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.79.82/; sid:900613514; rev:1;) alert tcp $HOME_NET any -> [57.128.109.221] 13724 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/57.128.109.221/; sid:900613515; rev:1;) alert tcp $HOME_NET any -> [172.232.173.141] 2226 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.173.141/; sid:900613516; rev:1;) alert tcp $HOME_NET any -> [45.76.98.136] 2221 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.98.136/; sid:900613517; rev:1;) alert tcp $HOME_NET any -> [154.211.12.126] 2967 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.211.12.126/; sid:900613518; rev:1;) alert tcp $HOME_NET any -> [172.232.170.25] 13724 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.170.25/; sid:900613519; rev:1;) alert tcp $HOME_NET any -> [65.20.115.154] 5243 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.20.115.154/; sid:900613520; rev:1;) alert tcp $HOME_NET any -> [167.179.93.21] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.179.93.21/; sid:900613521; rev:1;) alert tcp $HOME_NET any -> [65.108.218.24] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.108.218.24/; sid:900613522; rev:1;) alert tcp $HOME_NET any -> [95.215.108.29] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.215.108.29/; sid:900613523; rev:1;) alert tcp $HOME_NET any -> [78.46.200.68] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.46.200.68/; sid:900613524; rev:1;) alert tcp $HOME_NET any -> [85.209.11.185] 8443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.209.11.185/; sid:900613525; rev:1;) alert tcp $HOME_NET any -> [91.103.252.217] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.103.252.217/; sid:900613526; rev:1;) alert tcp $HOME_NET any -> [77.91.78.192] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.91.78.192/; sid:900613527; rev:1;) alert tcp $HOME_NET any -> [172.232.163.182] 2222 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.163.182/; sid:900613528; rev:1;) alert tcp $HOME_NET any -> [149.28.189.244] 2222 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.189.244/; sid:900613529; rev:1;) alert tcp $HOME_NET any -> [45.56.71.218] 13724 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.56.71.218/; sid:900613530; rev:1;) alert tcp $HOME_NET any -> [51.161.81.190] 13721 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.161.81.190/; sid:900613531; rev:1;) alert tcp $HOME_NET any -> [45.76.96.172] 2223 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.96.172/; sid:900613532; rev:1;) alert tcp $HOME_NET any -> [78.141.200.111] 5938 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.141.200.111/; sid:900613533; rev:1;) alert tcp $HOME_NET any -> [149.28.100.66] 5243 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.100.66/; sid:900613534; rev:1;) alert tcp $HOME_NET any -> [172.232.54.192] 2224 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.54.192/; sid:900613535; rev:1;) alert tcp $HOME_NET any -> [65.20.85.39] 2967 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.20.85.39/; sid:900613536; rev:1;) alert tcp $HOME_NET any -> [172.232.189.166] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.189.166/; sid:900613537; rev:1;) alert tcp $HOME_NET any -> [45.138.74.191] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.138.74.191/; sid:900613538; rev:1;) alert tcp $HOME_NET any -> [64.176.13.28] 2083 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.176.13.28/; sid:900613539; rev:1;) alert tcp $HOME_NET any -> [70.34.196.219] 2226 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.34.196.219/; sid:900613540; rev:1;) alert tcp $HOME_NET any -> [208.76.221.253] 13724 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.76.221.253/; sid:900613541; rev:1;) alert tcp $HOME_NET any -> [45.76.22.139] 13786 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.22.139/; sid:900613542; rev:1;) alert tcp $HOME_NET any -> [45.33.15.215] 2967 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.15.215/; sid:900613543; rev:1;) alert tcp $HOME_NET any -> [172.232.188.4] 2226 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.188.4/; sid:900613544; rev:1;) alert tcp $HOME_NET any -> [155.138.140.156] 13720 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/155.138.140.156/; sid:900613545; rev:1;) alert tcp $HOME_NET any -> [216.238.79.12] 2221 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.238.79.12/; sid:900613546; rev:1;) alert tcp $HOME_NET any -> [78.141.223.212] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.141.223.212/; sid:900613547; rev:1;) alert tcp $HOME_NET any -> [116.203.56.11] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.203.56.11/; sid:900613548; rev:1;) alert tcp $HOME_NET any -> [109.107.181.8] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.107.181.8/; sid:900613549; rev:1;) alert tcp $HOME_NET any -> [104.207.143.168] 2222 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.207.143.168/; sid:900613551; rev:1;) alert tcp $HOME_NET any -> [216.128.151.26] 13782 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.128.151.26/; sid:900613552; rev:1;) alert tcp $HOME_NET any -> [149.28.252.250] 5000 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.252.250/; sid:900613553; rev:1;) alert tcp $HOME_NET any -> [154.38.185.132] 13786 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.38.185.132/; sid:900613554; rev:1;) alert tcp $HOME_NET any -> [172.232.189.134] 2221 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.189.134/; sid:900613555; rev:1;) alert tcp $HOME_NET any -> [185.187.235.158] 23399 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.187.235.158/; sid:900613556; rev:1;) alert tcp $HOME_NET any -> [154.38.185.138] 13786 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.38.185.138/; sid:900613557; rev:1;) alert tcp $HOME_NET any -> [46.250.253.58] 5243 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.250.253.58/; sid:900613558; rev:1;) alert tcp $HOME_NET any -> [154.38.185.135] 13782 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.38.185.135/; sid:900613559; rev:1;) alert tcp $HOME_NET any -> [89.117.55.178] 2083 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.117.55.178/; sid:900613560; rev:1;) alert tcp $HOME_NET any -> [89.117.55.179] 2083 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.117.55.179/; sid:900613561; rev:1;) alert tcp $HOME_NET any -> [95.215.108.41] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.215.108.41/; sid:900613564; rev:1;) alert tcp $HOME_NET any -> [109.123.227.167] 5938 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.123.227.167/; sid:900613565; rev:1;) alert tcp $HOME_NET any -> [144.91.113.0] 13721 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.113.0/; sid:900613566; rev:1;) alert tcp $HOME_NET any -> [109.123.227.166] 5938 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.123.227.166/; sid:900613569; rev:1;) alert tcp $HOME_NET any -> [5.180.151.194] 5631 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.180.151.194/; sid:900613570; rev:1;) alert tcp $HOME_NET any -> [154.38.185.136] 5243 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.38.185.136/; sid:900613571; rev:1;) alert tcp $HOME_NET any -> [5.180.151.180] 2224 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.180.151.180/; sid:900613572; rev:1;) alert tcp $HOME_NET any -> [109.123.227.170] 5632 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.123.227.170/; sid:900613573; rev:1;) alert tcp $HOME_NET any -> [109.123.227.147] 5243 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.123.227.147/; sid:900613574; rev:1;) alert tcp $HOME_NET any -> [85.239.237.153] 5632 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.239.237.153/; sid:900613575; rev:1;) alert tcp $HOME_NET any -> [154.38.164.50] 5243 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.38.164.50/; sid:900613576; rev:1;) alert tcp $HOME_NET any -> [109.123.227.174] 23399 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.123.227.174/; sid:900613577; rev:1;) alert tcp $HOME_NET any -> [109.123.227.158] 2223 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.123.227.158/; sid:900613578; rev:1;) alert tcp $HOME_NET any -> [5.149.249.185] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.149.249.185/; sid:900613579; rev:1;) alert tcp $HOME_NET any -> [85.239.243.3] 23399 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.239.243.3/; sid:900613580; rev:1;) alert tcp $HOME_NET any -> [37.252.6.219] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.252.6.219/; sid:900613581; rev:1;) alert tcp $HOME_NET any -> [185.117.90.142] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.90.142/; sid:900613582; rev:1;) alert tcp $HOME_NET any -> [95.215.108.41] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.215.108.41/; sid:900613583; rev:1;) alert tcp $HOME_NET any -> [188.116.26.246] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.116.26.246/; sid:900613584; rev:1;) alert tcp $HOME_NET any -> [185.117.90.142] 6882 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.90.142/; sid:900613585; rev:1;) alert tcp $HOME_NET any -> [146.70.158.28] 6882 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.70.158.28/; sid:900613586; rev:1;) alert tcp $HOME_NET any -> [116.202.110.87] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.202.110.87/; sid:900613587; rev:1;) alert tcp $HOME_NET any -> [77.73.39.175] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.73.39.175/; sid:900613588; rev:1;) alert tcp $HOME_NET any -> [77.73.39.175] 1194 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.73.39.175/; sid:900613589; rev:1;) alert tcp $HOME_NET any -> [185.113.8.123] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.113.8.123/; sid:900613590; rev:1;) alert tcp $HOME_NET any -> [62.204.41.234] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.204.41.234/; sid:900613591; rev:1;) alert tcp $HOME_NET any -> [158.220.80.167] 2967 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.220.80.167/; sid:900613592; rev:1;) alert tcp $HOME_NET any -> [85.239.243.155] 5000 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.239.243.155/; sid:900613593; rev:1;) alert tcp $HOME_NET any -> [139.84.237.229] 2967 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.84.237.229/; sid:900613594; rev:1;) alert tcp $HOME_NET any -> [104.129.55.104] 2223 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.129.55.104/; sid:900613595; rev:1;) alert tcp $HOME_NET any -> [37.60.242.85] 9785 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.60.242.85/; sid:900613596; rev:1;) alert tcp $HOME_NET any -> [95.179.191.137] 5938 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.179.191.137/; sid:900613597; rev:1;) alert tcp $HOME_NET any -> [65.20.66.218] 5938 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.20.66.218/; sid:900613598; rev:1;) alert tcp $HOME_NET any -> [158.220.80.157] 9785 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.220.80.157/; sid:900613599; rev:1;) alert tcp $HOME_NET any -> [104.129.55.103] 2224 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.129.55.103/; sid:900613600; rev:1;) alert tcp $HOME_NET any -> [178.18.246.136] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.18.246.136/; sid:900613601; rev:1;) alert tcp $HOME_NET any -> [23.226.138.143] 2083 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.226.138.143/; sid:900613602; rev:1;) alert tcp $HOME_NET any -> [23.226.138.161] 5242 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.226.138.161/; sid:900613603; rev:1;) alert tcp $HOME_NET any -> [37.60.242.86] 2967 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.60.242.86/; sid:900613604; rev:1;) alert tcp $HOME_NET any -> [86.38.225.108] 2226 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.38.225.108/; sid:900613605; rev:1;) alert tcp $HOME_NET any -> [86.38.225.106] 2221 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.38.225.106/; sid:900613606; rev:1;) alert tcp $HOME_NET any -> [86.38.225.105] 13721 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.38.225.105/; sid:900613607; rev:1;) alert tcp $HOME_NET any -> [104.129.55.106] 13783 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.129.55.106/; sid:900613608; rev:1;) alert tcp $HOME_NET any -> [45.32.248.100] 2226 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.32.248.100/; sid:900613609; rev:1;) alert tcp $HOME_NET any -> [45.76.251.190] 5631 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.251.190/; sid:900613610; rev:1;) alert tcp $HOME_NET any -> [103.82.243.5] 13785 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.82.243.5/; sid:900613611; rev:1;) alert tcp $HOME_NET any -> [104.129.55.105] 2223 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.129.55.105/; sid:900613612; rev:1;) alert tcp $HOME_NET any -> [108.61.78.17] 13783 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.61.78.17/; sid:900613613; rev:1;) alert tcp $HOME_NET any -> [104.156.233.235] 2226 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.156.233.235/; sid:900613614; rev:1;) alert tcp $HOME_NET any -> [131.153.231.178] 2221 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.153.231.178/; sid:900613615; rev:1;) alert tcp $HOME_NET any -> [95.179.135.3] 2225 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.179.135.3/; sid:900613616; rev:1;) alert tcp $HOME_NET any -> [86.38.225.109] 13724 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.38.225.109/; sid:900613617; rev:1;) alert tcp $HOME_NET any -> [172.232.189.219] 2224 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.189.219/; sid:900613618; rev:1;) alert tcp $HOME_NET any -> [198.44.187.12] 2224 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.44.187.12/; sid:900613619; rev:1;) alert tcp $HOME_NET any -> [45.32.21.184] 5242 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.32.21.184/; sid:900613620; rev:1;) alert tcp $HOME_NET any -> [172.232.189.10] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.189.10/; sid:900613621; rev:1;) alert tcp $HOME_NET any -> [172.232.162.97] 13783 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.162.97/; sid:900613622; rev:1;) alert tcp $HOME_NET any -> [155.138.147.62] 2223 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/155.138.147.62/; sid:900613623; rev:1;) alert tcp $HOME_NET any -> [172.232.186.100] 2083 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.186.100/; sid:900613624; rev:1;) alert tcp $HOME_NET any -> [185.179.217.216] 9785 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.179.217.216/; sid:900613625; rev:1;) alert tcp $HOME_NET any -> [172.232.174.6] 5242 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.174.6/; sid:900613626; rev:1;) alert tcp $HOME_NET any -> [172.232.190.57] 2224 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.190.57/; sid:900613627; rev:1;) alert tcp $HOME_NET any -> [89.117.23.34] 5938 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.117.23.34/; sid:900613628; rev:1;) alert tcp $HOME_NET any -> [89.117.23.185] 2221 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.117.23.185/; sid:900613629; rev:1;) alert tcp $HOME_NET any -> [57.128.165.176] 13721 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/57.128.165.176/; sid:900613630; rev:1;) alert tcp $HOME_NET any -> [141.95.106.106] 2967 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.95.106.106/; sid:900613631; rev:1;) alert tcp $HOME_NET any -> [154.12.248.41] 5000 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.12.248.41/; sid:900613632; rev:1;) alert tcp $HOME_NET any -> [145.239.135.24] 5243 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.135.24/; sid:900613633; rev:1;) alert tcp $HOME_NET any -> [89.117.23.186] 5632 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.117.23.186/; sid:900613634; rev:1;) alert tcp $HOME_NET any -> [148.113.141.220] 2224 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.113.141.220/; sid:900613635; rev:1;) alert tcp $HOME_NET any -> [154.38.175.241] 13721 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.38.175.241/; sid:900613636; rev:1;) alert tcp $HOME_NET any -> [154.12.233.66] 2224 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.12.233.66/; sid:900613637; rev:1;) alert tcp $HOME_NET any -> [109.199.99.131] 13721 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.199.99.131/; sid:900613638; rev:1;) alert tcp $HOME_NET any -> [192.248.159.76] 2222 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.248.159.76/; sid:900613639; rev:1;) alert tcp $HOME_NET any -> [65.20.73.169] 13783 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.20.73.169/; sid:900613640; rev:1;) alert tcp $HOME_NET any -> [84.46.240.42] 2083 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.46.240.42/; sid:900613641; rev:1;) alert tcp $HOME_NET any -> [209.126.86.48] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.126.86.48/; sid:900613642; rev:1;) alert tcp $HOME_NET any -> [154.12.236.248] 13786 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.12.236.248/; sid:900613643; rev:1;) alert tcp $HOME_NET any -> [94.72.104.77] 13724 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.72.104.77/; sid:900613644; rev:1;) alert tcp $HOME_NET any -> [154.53.55.165] 13783 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.53.55.165/; sid:900613645; rev:1;) alert tcp $HOME_NET any -> [94.72.104.80] 5000 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.72.104.80/; sid:900613646; rev:1;) alert tcp $HOME_NET any -> [198.38.94.213] 2224 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.38.94.213/; sid:900613647; rev:1;) alert tcp $HOME_NET any -> [158.220.95.214] 5243 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.220.95.214/; sid:900613648; rev:1;) alert tcp $HOME_NET any -> [64.23.199.206] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.23.199.206/; sid:900613649; rev:1;) alert tcp $HOME_NET any -> [172.232.208.90] 2223 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.208.90/; sid:900613650; rev:1;) alert tcp $HOME_NET any -> [213.199.41.33] 13721 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.199.41.33/; sid:900613651; rev:1;) alert tcp $HOME_NET any -> [194.233.91.144] 5000 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.233.91.144/; sid:900613652; rev:1;) alert tcp $HOME_NET any -> [158.220.95.215] 5242 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.220.95.215/; sid:900613653; rev:1;) alert tcp $HOME_NET any -> [84.247.157.112] 13783 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.247.157.112/; sid:900613654; rev:1;) alert tcp $HOME_NET any -> [172.233.221.61] 5938 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.233.221.61/; sid:900613655; rev:1;) alert tcp $HOME_NET any -> [172.233.155.253] 2078 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.233.155.253/; sid:900613656; rev:1;) alert tcp $HOME_NET any -> [31.210.173.10] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.210.173.10/; sid:900613657; rev:1;) alert tcp $HOME_NET any -> [5.252.177.195] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.252.177.195/; sid:900613658; rev:1;) alert tcp $HOME_NET any -> [62.204.41.234] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.204.41.234/; sid:900613659; rev:1;) alert tcp $HOME_NET any -> [77.105.162.176] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.105.162.176/; sid:900613660; rev:1;) alert tcp $HOME_NET any -> [38.180.142.98] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.180.142.98/; sid:900613661; rev:1;) alert tcp $HOME_NET any -> [45.85.117.76] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.85.117.76/; sid:900613662; rev:1;) alert tcp $HOME_NET any -> [93.88.74.63] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.88.74.63/; sid:900613663; rev:1;) alert tcp $HOME_NET any -> [172.234.250.178] 2222 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.234.250.178/; sid:900613664; rev:1;) alert tcp $HOME_NET any -> [172.234.244.189] 1194 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.234.244.189/; sid:900613665; rev:1;) alert tcp $HOME_NET any -> [172.232.188.170] 2083 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.188.170/; sid:900613666; rev:1;) alert tcp $HOME_NET any -> [172.232.185.9] 2222 (msg:"Feodo Tracker: potential Pikabot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.185.9/; sid:900613667; rev:1;) alert tcp $HOME_NET any -> [107.191.57.63] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.191.57.63/; sid:900613671; rev:1;) alert tcp $HOME_NET any -> [3.228.226.42] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/3.228.226.42/; sid:900613673; rev:1;) alert tcp $HOME_NET any -> [172.232.58.59] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.58.59/; sid:900613678; rev:1;) alert tcp $HOME_NET any -> [5.253.59.162] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.253.59.162/; sid:900613679; rev:1;) alert tcp $HOME_NET any -> [91.230.49.1] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.230.49.1/; sid:900613682; rev:1;) alert tcp $HOME_NET any -> [193.238.227.136] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.238.227.136/; sid:900613683; rev:1;) alert tcp $HOME_NET any -> [172.232.58.237] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.58.237/; sid:900613684; rev:1;) alert tcp $HOME_NET any -> [172.232.58.169] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.232.58.169/; sid:900613685; rev:1;) alert tcp $HOME_NET any -> [109.172.92.205] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.172.92.205/; sid:900613688; rev:1;) # END 7971 entries