################################################################
# abuse.ch Feodo Tracker Suricata / Snort Ruleset (Aggresive)  #
# Last updated: 2021-12-06 12:13:53 UTC                        #
#                                                              #
# Terms Of Use: https://feodotracker.abuse.ch/blocklist/       #
# For questions please contact feodotracker [at] abuse.ch      #
################################################################
#
alert tcp $HOME_NET any -> [67.213.75.205] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.213.75.205/; sid:900605001; rev:1;)
alert tcp $HOME_NET any -> [192.73.238.101] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.73.238.101/; sid:900605002; rev:1;)
alert tcp $HOME_NET any -> [51.178.161.32] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.178.161.32/; sid:900605003; rev:1;)
alert tcp $HOME_NET any -> [194.58.98.196] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.58.98.196/; sid:900605004; rev:1;)
alert tcp $HOME_NET any -> [142.4.6.57] 14043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.4.6.57/; sid:900605005; rev:1;)
alert tcp $HOME_NET any -> [64.225.35.35] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.225.35.35/; sid:900605006; rev:1;)
alert tcp $HOME_NET any -> [195.159.28.230] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.159.28.230/; sid:900605007; rev:1;)
alert tcp $HOME_NET any -> [93.186.200.154] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.186.200.154/; sid:900605009; rev:1;)
alert tcp $HOME_NET any -> [162.144.127.197] 3786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.127.197/; sid:900605010; rev:1;)
alert tcp $HOME_NET any -> [103.61.101.11] 449 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.61.101.11/; sid:900605011; rev:1;)
alert tcp $HOME_NET any -> [5.9.178.143] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.9.178.143/; sid:900605012; rev:1;)
alert tcp $HOME_NET any -> [37.139.2.140] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.139.2.140/; sid:900605013; rev:1;)
alert tcp $HOME_NET any -> [49.212.179.180] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.212.179.180/; sid:900605014; rev:1;)
alert tcp $HOME_NET any -> [23.160.192.125] 447 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.192.125/; sid:900605016; rev:1;)
alert tcp $HOME_NET any -> [195.231.69.151] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.231.69.151/; sid:900605018; rev:1;)
alert tcp $HOME_NET any -> [221.126.244.72] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.126.244.72/; sid:900605019; rev:1;)
alert tcp $HOME_NET any -> [157.7.166.26] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.7.166.26/; sid:900605020; rev:1;)
alert tcp $HOME_NET any -> [212.129.24.83] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.129.24.83/; sid:900605021; rev:1;)
alert tcp $HOME_NET any -> [208.71.173.207] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.71.173.207/; sid:900605022; rev:1;)
alert tcp $HOME_NET any -> [80.86.91.27] 3308 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.86.91.27/; sid:900605023; rev:1;)
alert tcp $HOME_NET any -> [5.100.228.233] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.100.228.233/; sid:900605024; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.37] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.37/; sid:900605025; rev:1;)
alert tcp $HOME_NET any -> [46.105.131.65] 1512 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.131.65/; sid:900605026; rev:1;)
alert tcp $HOME_NET any -> [69.64.62.4] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.64.62.4/; sid:900605027; rev:1;)
alert tcp $HOME_NET any -> [162.241.44.26] 9443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.44.26/; sid:900605028; rev:1;)
alert tcp $HOME_NET any -> [111.230.104.169] 3388 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.230.104.169/; sid:900605029; rev:1;)
alert tcp $HOME_NET any -> [217.79.184.243] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.79.184.243/; sid:900605030; rev:1;)
alert tcp $HOME_NET any -> [194.150.118.7] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.150.118.7/; sid:900605031; rev:1;)
alert tcp $HOME_NET any -> [199.66.90.63] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.66.90.63/; sid:900605035; rev:1;)
alert tcp $HOME_NET any -> [81.169.224.222] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.169.224.222/; sid:900605036; rev:1;)
alert tcp $HOME_NET any -> [62.75.168.106] 3886 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.168.106/; sid:900605037; rev:1;)
alert tcp $HOME_NET any -> [82.165.152.127] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.165.152.127/; sid:900605038; rev:1;)
alert tcp $HOME_NET any -> [178.254.40.132] 691 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.40.132/; sid:900605039; rev:1;)
alert tcp $HOME_NET any -> [216.172.165.70] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.172.165.70/; sid:900605041; rev:1;)
alert tcp $HOME_NET any -> [85.207.13.169] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.207.13.169/; sid:900605043; rev:1;)
alert tcp $HOME_NET any -> [104.131.164.93] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.164.93/; sid:900605045; rev:1;)
alert tcp $HOME_NET any -> [46.101.90.205] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.90.205/; sid:900605046; rev:1;)
alert tcp $HOME_NET any -> [123.206.58.135] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.206.58.135/; sid:900605047; rev:1;)
alert tcp $HOME_NET any -> [94.126.8.2] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.126.8.2/; sid:900605054; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.39] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.39/; sid:900605055; rev:1;)
alert tcp $HOME_NET any -> [78.47.139.43] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.47.139.43/; sid:900605056; rev:1;)
alert tcp $HOME_NET any -> [89.174.36.41] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.174.36.41/; sid:900605057; rev:1;)
alert tcp $HOME_NET any -> [169.255.216.36] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.255.216.36/; sid:900605058; rev:1;)
alert tcp $HOME_NET any -> [193.90.12.122] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.90.12.122/; sid:900605059; rev:1;)
alert tcp $HOME_NET any -> [103.40.116.68] 5443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.40.116.68/; sid:900605063; rev:1;)
alert tcp $HOME_NET any -> [67.79.105.174] 3786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.79.105.174/; sid:900605065; rev:1;)
alert tcp $HOME_NET any -> [45.79.226.106] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.226.106/; sid:900605066; rev:1;)
alert tcp $HOME_NET any -> [2.58.16.89] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.58.16.89/; sid:900605067; rev:1;)
alert tcp $HOME_NET any -> [27.254.174.93] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.254.174.93/; sid:900605068; rev:1;)
alert tcp $HOME_NET any -> [178.254.22.25] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.22.25/; sid:900605069; rev:1;)
alert tcp $HOME_NET any -> [45.56.127.75] 49160 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.56.127.75/; sid:900605070; rev:1;)
alert tcp $HOME_NET any -> [103.41.110.115] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.41.110.115/; sid:900605071; rev:1;)
alert tcp $HOME_NET any -> [209.59.199.129] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.59.199.129/; sid:900605072; rev:1;)
alert tcp $HOME_NET any -> [54.38.143.246] 691 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.143.246/; sid:900605073; rev:1;)
alert tcp $HOME_NET any -> [153.122.13.133] 1443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.122.13.133/; sid:900605074; rev:1;)
alert tcp $HOME_NET any -> [142.93.181.37] 981 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.181.37/; sid:900605075; rev:1;)
alert tcp $HOME_NET any -> [92.38.128.47] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.128.47/; sid:900605076; rev:1;)
alert tcp $HOME_NET any -> [188.165.17.91] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.17.91/; sid:900605077; rev:1;)
alert tcp $HOME_NET any -> [188.40.34.210] 4643 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.40.34.210/; sid:900605078; rev:1;)
alert tcp $HOME_NET any -> [195.159.28.229] 981 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.159.28.229/; sid:900605079; rev:1;)
alert tcp $HOME_NET any -> [178.62.23.64] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.62.23.64/; sid:900605081; rev:1;)
alert tcp $HOME_NET any -> [167.99.158.82] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.99.158.82/; sid:900605082; rev:1;)
alert tcp $HOME_NET any -> [103.244.206.74] 33443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.244.206.74/; sid:900605083; rev:1;)
alert tcp $HOME_NET any -> [193.90.12.121] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.90.12.121/; sid:900605084; rev:1;)
alert tcp $HOME_NET any -> [162.241.204.233] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.204.233/; sid:900605085; rev:1;)
alert tcp $HOME_NET any -> [138.122.143.40] 8043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.122.143.40/; sid:900605086; rev:1;)
alert tcp $HOME_NET any -> [198.57.200.100] 3786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.57.200.100/; sid:900605087; rev:1;)
alert tcp $HOME_NET any -> [175.126.167.148] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.126.167.148/; sid:900605088; rev:1;)
alert tcp $HOME_NET any -> [85.25.109.116] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.25.109.116/; sid:900605089; rev:1;)
alert tcp $HOME_NET any -> [185.59.223.86] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.59.223.86/; sid:900605090; rev:1;)
alert tcp $HOME_NET any -> [87.106.89.36] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.89.36/; sid:900605091; rev:1;)
alert tcp $HOME_NET any -> [51.15.176.55] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.15.176.55/; sid:900605092; rev:1;)
alert tcp $HOME_NET any -> [27.254.174.84] 4443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.254.174.84/; sid:900605093; rev:1;)
alert tcp $HOME_NET any -> [172.86.186.22] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.86.186.22/; sid:900605094; rev:1;)
alert tcp $HOME_NET any -> [62.138.14.216] 3074 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.138.14.216/; sid:900605095; rev:1;)
alert tcp $HOME_NET any -> [46.4.83.131] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.4.83.131/; sid:900605096; rev:1;)
alert tcp $HOME_NET any -> [213.202.229.72] 3074 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.202.229.72/; sid:900605097; rev:1;)
alert tcp $HOME_NET any -> [52.73.70.149] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/52.73.70.149/; sid:900605098; rev:1;)
alert tcp $HOME_NET any -> [8.4.9.152] 3786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.4.9.152/; sid:900605099; rev:1;)
alert tcp $HOME_NET any -> [185.246.87.202] 3098 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.246.87.202/; sid:900605100; rev:1;)
alert tcp $HOME_NET any -> [69.16.193.166] 9443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.16.193.166/; sid:900605101; rev:1;)
alert tcp $HOME_NET any -> [217.160.78.166] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.78.166/; sid:900605104; rev:1;)
alert tcp $HOME_NET any -> [45.77.154.161] 1688 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.77.154.161/; sid:900605105; rev:1;)
alert tcp $HOME_NET any -> [69.164.207.140] 3388 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.164.207.140/; sid:900605106; rev:1;)
alert tcp $HOME_NET any -> [46.105.131.78] 14431 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.131.78/; sid:900605107; rev:1;)
alert tcp $HOME_NET any -> [36.89.191.119] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.191.119/; sid:900605108; rev:1;)
alert tcp $HOME_NET any -> [103.61.101.11] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.61.101.11/; sid:900605109; rev:1;)
alert tcp $HOME_NET any -> [23.160.192.125] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.192.125/; sid:900605110; rev:1;)
alert tcp $HOME_NET any -> [107.172.188.113] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.188.113/; sid:900605111; rev:1;)
alert tcp $HOME_NET any -> [5.202.150.151] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.202.150.151/; sid:900605112; rev:1;)
alert tcp $HOME_NET any -> [103.150.68.124] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.150.68.124/; sid:900605113; rev:1;)
alert tcp $HOME_NET any -> [185.109.54.99] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.109.54.99/; sid:900605114; rev:1;)
alert tcp $HOME_NET any -> [190.151.130.12] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.151.130.12/; sid:900605115; rev:1;)
alert tcp $HOME_NET any -> [36.94.167.167] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.167.167/; sid:900605116; rev:1;)
alert tcp $HOME_NET any -> [103.61.101.11] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.61.101.11/; sid:900605117; rev:1;)
alert tcp $HOME_NET any -> [45.230.244.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.230.244.20/; sid:900605118; rev:1;)
alert tcp $HOME_NET any -> [58.97.211.3] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.97.211.3/; sid:900605119; rev:1;)
alert tcp $HOME_NET any -> [186.250.157.116] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.250.157.116/; sid:900605120; rev:1;)
alert tcp $HOME_NET any -> [190.214.12.202] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.214.12.202/; sid:900605121; rev:1;)
alert tcp $HOME_NET any -> [23.160.193.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.160.193.106/; sid:900605123; rev:1;)
alert tcp $HOME_NET any -> [200.52.147.93] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.52.147.93/; sid:900605124; rev:1;)
alert tcp $HOME_NET any -> [45.226.124.226] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.226.124.226/; sid:900605125; rev:1;)
alert tcp $HOME_NET any -> [187.189.99.216] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.189.99.216/; sid:900605126; rev:1;)
alert tcp $HOME_NET any -> [45.148.120.173] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.148.120.173/; sid:900605127; rev:1;)
alert tcp $HOME_NET any -> [45.234.212.234] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.234.212.234/; sid:900605129; rev:1;)
alert tcp $HOME_NET any -> [36.94.113.249] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.113.249/; sid:900605130; rev:1;)
alert tcp $HOME_NET any -> [185.118.15.137] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.118.15.137/; sid:900605131; rev:1;)
alert tcp $HOME_NET any -> [212.126.125.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.126.125.10/; sid:900605132; rev:1;)
alert tcp $HOME_NET any -> [36.89.193.181] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.193.181/; sid:900605136; rev:1;)
alert tcp $HOME_NET any -> [222.124.7.150] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.124.7.150/; sid:900605137; rev:1;)
alert tcp $HOME_NET any -> [36.94.62.207] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.62.207/; sid:900605138; rev:1;)
alert tcp $HOME_NET any -> [45.155.173.196] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.155.173.196/; sid:900605140; rev:1;)
alert tcp $HOME_NET any -> [107.172.29.108] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.29.108/; sid:900605147; rev:1;)
alert tcp $HOME_NET any -> [103.69.216.154] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.69.216.154/; sid:900605148; rev:1;)
alert tcp $HOME_NET any -> [43.245.216.238] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.245.216.238/; sid:900605153; rev:1;)
alert tcp $HOME_NET any -> [5.182.210.24] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.24/; sid:900605156; rev:1;)
alert tcp $HOME_NET any -> [186.137.85.76] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.137.85.76/; sid:900605159; rev:1;)
alert tcp $HOME_NET any -> [182.253.107.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.253.107.34/; sid:900605167; rev:1;)
alert tcp $HOME_NET any -> [103.91.244.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.91.244.50/; sid:900605168; rev:1;)
alert tcp $HOME_NET any -> [177.221.108.198] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.221.108.198/; sid:900605171; rev:1;)
alert tcp $HOME_NET any -> [104.161.32.108] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.161.32.108/; sid:900605172; rev:1;)
alert tcp $HOME_NET any -> [50.116.111.64] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.111.64/; sid:900605173; rev:1;)
alert tcp $HOME_NET any -> [185.184.25.234] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.184.25.234/; sid:900605174; rev:1;)
alert tcp $HOME_NET any -> [194.225.58.214] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.225.58.214/; sid:900605175; rev:1;)
alert tcp $HOME_NET any -> [211.110.44.63] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.110.44.63/; sid:900605176; rev:1;)
alert tcp $HOME_NET any -> [85.204.116.83] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.83/; sid:900605178; rev:1;)
alert tcp $HOME_NET any -> [83.151.14.13] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.151.14.13/; sid:900605179; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.40] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.40/; sid:900605200; rev:1;)
alert tcp $HOME_NET any -> [12.175.220.98] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.175.220.98/; sid:900605201; rev:1;)
alert tcp $HOME_NET any -> [24.178.90.49] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.178.90.49/; sid:900605202; rev:1;)
alert tcp $HOME_NET any -> [75.127.14.170] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.127.14.170/; sid:900605203; rev:1;)
alert tcp $HOME_NET any -> [175.103.38.146] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.103.38.146/; sid:900605204; rev:1;)
alert tcp $HOME_NET any -> [69.49.88.46] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.49.88.46/; sid:900605205; rev:1;)
alert tcp $HOME_NET any -> [167.114.153.111] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.114.153.111/; sid:900605206; rev:1;)
alert tcp $HOME_NET any -> [194.190.67.75] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.190.67.75/; sid:900605207; rev:1;)
alert tcp $HOME_NET any -> [61.19.246.238] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.19.246.238/; sid:900605208; rev:1;)
alert tcp $HOME_NET any -> [95.9.5.93] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.9.5.93/; sid:900605209; rev:1;)
alert tcp $HOME_NET any -> [200.116.145.225] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.145.225/; sid:900605210; rev:1;)
alert tcp $HOME_NET any -> [115.94.207.99] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.94.207.99/; sid:900605211; rev:1;)
alert tcp $HOME_NET any -> [81.214.253.80] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.214.253.80/; sid:900605212; rev:1;)
alert tcp $HOME_NET any -> [220.245.198.194] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.245.198.194/; sid:900605213; rev:1;)
alert tcp $HOME_NET any -> [120.150.60.189] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.60.189/; sid:900605214; rev:1;)
alert tcp $HOME_NET any -> [110.142.236.207] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.142.236.207/; sid:900605215; rev:1;)
alert tcp $HOME_NET any -> [12.163.208.58] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.163.208.58/; sid:900605216; rev:1;)
alert tcp $HOME_NET any -> [81.215.230.173] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.215.230.173/; sid:900605217; rev:1;)
alert tcp $HOME_NET any -> [60.93.23.51] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.93.23.51/; sid:900605219; rev:1;)
alert tcp $HOME_NET any -> [78.90.78.210] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.90.78.210/; sid:900605220; rev:1;)
alert tcp $HOME_NET any -> [177.23.7.151] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.23.7.151/; sid:900605221; rev:1;)
alert tcp $HOME_NET any -> [161.49.84.2] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.49.84.2/; sid:900605222; rev:1;)
alert tcp $HOME_NET any -> [85.105.111.166] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.111.166/; sid:900605223; rev:1;)
alert tcp $HOME_NET any -> [65.32.168.171] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.32.168.171/; sid:900605224; rev:1;)
alert tcp $HOME_NET any -> [64.207.182.168] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.207.182.168/; sid:900605225; rev:1;)
alert tcp $HOME_NET any -> [120.150.218.241] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.218.241/; sid:900605226; rev:1;)
alert tcp $HOME_NET any -> [172.125.40.123] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.125.40.123/; sid:900605227; rev:1;)
alert tcp $HOME_NET any -> [45.16.226.117] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.16.226.117/; sid:900605228; rev:1;)
alert tcp $HOME_NET any -> [110.37.224.243] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.37.224.243/; sid:900605229; rev:1;)
alert tcp $HOME_NET any -> [103.93.220.182] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.93.220.182/; sid:900605231; rev:1;)
alert tcp $HOME_NET any -> [91.75.75.46] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.75.75.46/; sid:900605232; rev:1;)
alert tcp $HOME_NET any -> [185.201.9.197] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.201.9.197/; sid:900605233; rev:1;)
alert tcp $HOME_NET any -> [163.53.204.180] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.53.204.180/; sid:900605234; rev:1;)
alert tcp $HOME_NET any -> [203.157.152.9] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.157.152.9/; sid:900605235; rev:1;)
alert tcp $HOME_NET any -> [185.208.226.142] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.208.226.142/; sid:900605236; rev:1;)
alert tcp $HOME_NET any -> [190.85.46.52] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.46.52/; sid:900605238; rev:1;)
alert tcp $HOME_NET any -> [188.165.214.98] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.214.98/; sid:900605239; rev:1;)
alert tcp $HOME_NET any -> [50.116.111.59] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.111.59/; sid:900605240; rev:1;)
alert tcp $HOME_NET any -> [190.103.228.24] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.103.228.24/; sid:900605243; rev:1;)
alert tcp $HOME_NET any -> [80.15.100.37] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.15.100.37/; sid:900605244; rev:1;)
alert tcp $HOME_NET any -> [117.2.139.117] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.2.139.117/; sid:900605245; rev:1;)
alert tcp $HOME_NET any -> [152.170.79.100] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.170.79.100/; sid:900605246; rev:1;)
alert tcp $HOME_NET any -> [211.215.18.93] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.215.18.93/; sid:900605247; rev:1;)
alert tcp $HOME_NET any -> [187.162.248.237] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.162.248.237/; sid:900605248; rev:1;)
alert tcp $HOME_NET any -> [110.39.160.38] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.39.160.38/; sid:900605249; rev:1;)
alert tcp $HOME_NET any -> [213.52.74.198] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.52.74.198/; sid:900605250; rev:1;)
alert tcp $HOME_NET any -> [37.187.72.193] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.72.193/; sid:900605251; rev:1;)
alert tcp $HOME_NET any -> [24.179.13.119] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.179.13.119/; sid:900605252; rev:1;)
alert tcp $HOME_NET any -> [121.124.124.40] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.124.124.40/; sid:900605253; rev:1;)
alert tcp $HOME_NET any -> [12.162.84.2] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.162.84.2/; sid:900605254; rev:1;)
alert tcp $HOME_NET any -> [206.189.232.2] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.189.232.2/; sid:900605255; rev:1;)
alert tcp $HOME_NET any -> [51.89.36.180] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.36.180/; sid:900605256; rev:1;)
alert tcp $HOME_NET any -> [132.248.38.158] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.248.38.158/; sid:900605257; rev:1;)
alert tcp $HOME_NET any -> [75.177.207.146] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.177.207.146/; sid:900605258; rev:1;)
alert tcp $HOME_NET any -> [74.40.205.197] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.40.205.197/; sid:900605259; rev:1;)
alert tcp $HOME_NET any -> [62.84.75.50] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.84.75.50/; sid:900605260; rev:1;)
alert tcp $HOME_NET any -> [46.105.114.137] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.114.137/; sid:900605261; rev:1;)
alert tcp $HOME_NET any -> [109.99.146.210] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.99.146.210/; sid:900605262; rev:1;)
alert tcp $HOME_NET any -> [104.236.52.89] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.52.89/; sid:900605263; rev:1;)
alert tcp $HOME_NET any -> [223.17.215.76] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/223.17.215.76/; sid:900605264; rev:1;)
alert tcp $HOME_NET any -> [180.148.4.130] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.148.4.130/; sid:900605265; rev:1;)
alert tcp $HOME_NET any -> [50.116.78.109] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.78.109/; sid:900605266; rev:1;)
alert tcp $HOME_NET any -> [115.21.224.117] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.21.224.117/; sid:900605268; rev:1;)
alert tcp $HOME_NET any -> [202.79.24.136] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.79.24.136/; sid:900605269; rev:1;)
alert tcp $HOME_NET any -> [181.30.61.163] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.30.61.163/; sid:900605271; rev:1;)
alert tcp $HOME_NET any -> [110.172.180.180] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.172.180.180/; sid:900605273; rev:1;)
alert tcp $HOME_NET any -> [70.92.118.112] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.92.118.112/; sid:900605274; rev:1;)
alert tcp $HOME_NET any -> [59.21.235.119] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.21.235.119/; sid:900605275; rev:1;)
alert tcp $HOME_NET any -> [195.159.28.244] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.159.28.244/; sid:900605276; rev:1;)
alert tcp $HOME_NET any -> [152.231.89.226] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.231.89.226/; sid:900605277; rev:1;)
alert tcp $HOME_NET any -> [110.39.162.2] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.39.162.2/; sid:900605278; rev:1;)
alert tcp $HOME_NET any -> [93.146.143.191] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.146.143.191/; sid:900605279; rev:1;)
alert tcp $HOME_NET any -> [172.245.248.239] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.248.239/; sid:900605280; rev:1;)
alert tcp $HOME_NET any -> [80.249.176.206] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.249.176.206/; sid:900605281; rev:1;)
alert tcp $HOME_NET any -> [110.145.11.73] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.145.11.73/; sid:900605282; rev:1;)
alert tcp $HOME_NET any -> [191.223.36.170] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.223.36.170/; sid:900605283; rev:1;)
alert tcp $HOME_NET any -> [82.145.43.153] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.145.43.153/; sid:900605284; rev:1;)
alert tcp $HOME_NET any -> [24.230.124.78] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.230.124.78/; sid:900605285; rev:1;)
alert tcp $HOME_NET any -> [110.145.101.66] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.145.101.66/; sid:900605286; rev:1;)
alert tcp $HOME_NET any -> [75.109.111.18] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.109.111.18/; sid:900605287; rev:1;)
alert tcp $HOME_NET any -> [175.207.12.52] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.207.12.52/; sid:900605288; rev:1;)
alert tcp $HOME_NET any -> [109.116.245.80] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.116.245.80/; sid:900605289; rev:1;)
alert tcp $HOME_NET any -> [45.230.228.26] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.230.228.26/; sid:900605290; rev:1;)
alert tcp $HOME_NET any -> [143.0.85.206] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.0.85.206/; sid:900605291; rev:1;)
alert tcp $HOME_NET any -> [190.210.246.253] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.246.253/; sid:900605292; rev:1;)
alert tcp $HOME_NET any -> [47.144.21.37] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.144.21.37/; sid:900605294; rev:1;)
alert tcp $HOME_NET any -> [181.165.68.127] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.165.68.127/; sid:900605295; rev:1;)
alert tcp $HOME_NET any -> [24.164.79.147] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.164.79.147/; sid:900605296; rev:1;)
alert tcp $HOME_NET any -> [139.5.101.203] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.5.101.203/; sid:900605297; rev:1;)
alert tcp $HOME_NET any -> [190.162.232.138] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.162.232.138/; sid:900605298; rev:1;)
alert tcp $HOME_NET any -> [93.149.120.214] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.149.120.214/; sid:900605299; rev:1;)
alert tcp $HOME_NET any -> [217.160.19.232] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.19.232/; sid:900605300; rev:1;)
alert tcp $HOME_NET any -> [31.27.59.105] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.27.59.105/; sid:900605301; rev:1;)
alert tcp $HOME_NET any -> [152.169.22.67] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.169.22.67/; sid:900605303; rev:1;)
alert tcp $HOME_NET any -> [2.82.75.215] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.82.75.215/; sid:900605304; rev:1;)
alert tcp $HOME_NET any -> [197.211.245.21] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.211.245.21/; sid:900605305; rev:1;)
alert tcp $HOME_NET any -> [118.83.154.64] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.83.154.64/; sid:900605306; rev:1;)
alert tcp $HOME_NET any -> [201.185.69.28] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.185.69.28/; sid:900605307; rev:1;)
alert tcp $HOME_NET any -> [177.85.167.10] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.85.167.10/; sid:900605308; rev:1;)
alert tcp $HOME_NET any -> [190.251.200.206] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.251.200.206/; sid:900605309; rev:1;)
alert tcp $HOME_NET any -> [51.38.71.84] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.38.71.84/; sid:900605310; rev:1;)
alert tcp $HOME_NET any -> [201.163.74.204] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.163.74.204/; sid:900605311; rev:1;)
alert tcp $HOME_NET any -> [82.208.146.142] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.208.146.142/; sid:900605312; rev:1;)
alert tcp $HOME_NET any -> [89.106.251.163] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.106.251.163/; sid:900605313; rev:1;)
alert tcp $HOME_NET any -> [78.189.148.42] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.148.42/; sid:900605314; rev:1;)
alert tcp $HOME_NET any -> [167.99.105.11] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.99.105.11/; sid:900605315; rev:1;)
alert tcp $HOME_NET any -> [190.19.169.69] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.19.169.69/; sid:900605316; rev:1;)
alert tcp $HOME_NET any -> [70.183.211.3] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.183.211.3/; sid:900605317; rev:1;)
alert tcp $HOME_NET any -> [180.222.161.85] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.222.161.85/; sid:900605318; rev:1;)
alert tcp $HOME_NET any -> [75.113.193.72] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.113.193.72/; sid:900605319; rev:1;)
alert tcp $HOME_NET any -> [91.233.197.70] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.233.197.70/; sid:900605320; rev:1;)
alert tcp $HOME_NET any -> [78.182.254.231] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.182.254.231/; sid:900605321; rev:1;)
alert tcp $HOME_NET any -> [201.212.61.66] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.61.66/; sid:900605322; rev:1;)
alert tcp $HOME_NET any -> [200.75.39.254] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.75.39.254/; sid:900605324; rev:1;)
alert tcp $HOME_NET any -> [191.241.233.198] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.241.233.198/; sid:900605325; rev:1;)
alert tcp $HOME_NET any -> [105.209.235.113] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.209.235.113/; sid:900605326; rev:1;)
alert tcp $HOME_NET any -> [190.251.216.100] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.251.216.100/; sid:900605327; rev:1;)
alert tcp $HOME_NET any -> [190.45.24.210] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.45.24.210/; sid:900605328; rev:1;)
alert tcp $HOME_NET any -> [82.48.39.246] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.48.39.246/; sid:900605329; rev:1;)
alert tcp $HOME_NET any -> [190.64.88.186] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.64.88.186/; sid:900605330; rev:1;)
alert tcp $HOME_NET any -> [187.161.206.24] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.161.206.24/; sid:900605331; rev:1;)
alert tcp $HOME_NET any -> [186.96.170.61] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.96.170.61/; sid:900605332; rev:1;)
alert tcp $HOME_NET any -> [93.146.48.84] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.146.48.84/; sid:900605333; rev:1;)
alert tcp $HOME_NET any -> [161.0.153.60] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.0.153.60/; sid:900605334; rev:1;)
alert tcp $HOME_NET any -> [120.51.34.254] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.51.34.254/; sid:900605335; rev:1;)
alert tcp $HOME_NET any -> [203.160.167.243] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.160.167.243/; sid:900605336; rev:1;)
alert tcp $HOME_NET any -> [185.183.16.47] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.16.47/; sid:900605337; rev:1;)
alert tcp $HOME_NET any -> [78.188.225.105] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.225.105/; sid:900605338; rev:1;)
alert tcp $HOME_NET any -> [27.78.27.110] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.78.27.110/; sid:900605339; rev:1;)
alert tcp $HOME_NET any -> [152.32.75.74] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.32.75.74/; sid:900605340; rev:1;)
alert tcp $HOME_NET any -> [82.78.179.117] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.78.179.117/; sid:900605341; rev:1;)
alert tcp $HOME_NET any -> [115.79.195.246] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.79.195.246/; sid:900605342; rev:1;)
alert tcp $HOME_NET any -> [49.206.16.156] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.206.16.156/; sid:900605343; rev:1;)
alert tcp $HOME_NET any -> [122.116.104.238] 8443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.116.104.238/; sid:900605344; rev:1;)
alert tcp $HOME_NET any -> [109.101.137.162] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.101.137.162/; sid:900605345; rev:1;)
alert tcp $HOME_NET any -> [190.55.186.229] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.55.186.229/; sid:900605346; rev:1;)
alert tcp $HOME_NET any -> [209.33.120.130] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.33.120.130/; sid:900605347; rev:1;)
alert tcp $HOME_NET any -> [217.160.169.110] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.169.110/; sid:900605348; rev:1;)
alert tcp $HOME_NET any -> [51.255.203.164] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.255.203.164/; sid:900605349; rev:1;)
alert tcp $HOME_NET any -> [84.232.229.24] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.232.229.24/; sid:900605350; rev:1;)
alert tcp $HOME_NET any -> [201.48.121.65] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.48.121.65/; sid:900605351; rev:1;)
alert tcp $HOME_NET any -> [85.105.239.184] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.239.184/; sid:900605352; rev:1;)
alert tcp $HOME_NET any -> [108.53.88.101] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.53.88.101/; sid:900605353; rev:1;)
alert tcp $HOME_NET any -> [79.130.130.240] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.130.130.240/; sid:900605354; rev:1;)
alert tcp $HOME_NET any -> [195.159.28.230] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.159.28.230/; sid:900605355; rev:1;)
alert tcp $HOME_NET any -> [98.109.133.80] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.109.133.80/; sid:900605356; rev:1;)
alert tcp $HOME_NET any -> [181.10.46.92] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.10.46.92/; sid:900605357; rev:1;)
alert tcp $HOME_NET any -> [71.72.196.159] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.72.196.159/; sid:900605358; rev:1;)
alert tcp $HOME_NET any -> [24.69.65.8] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.69.65.8/; sid:900605359; rev:1;)
alert tcp $HOME_NET any -> [95.76.153.115] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.76.153.115/; sid:900605360; rev:1;)
alert tcp $HOME_NET any -> [197.232.36.108] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.232.36.108/; sid:900605361; rev:1;)
alert tcp $HOME_NET any -> [190.18.184.113] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.18.184.113/; sid:900605362; rev:1;)
alert tcp $HOME_NET any -> [69.38.130.14] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.38.130.14/; sid:900605363; rev:1;)
alert tcp $HOME_NET any -> [172.193.14.201] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.193.14.201/; sid:900605364; rev:1;)
alert tcp $HOME_NET any -> [88.58.209.2] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.58.209.2/; sid:900605366; rev:1;)
alert tcp $HOME_NET any -> [186.146.229.172] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.146.229.172/; sid:900605367; rev:1;)
alert tcp $HOME_NET any -> [188.135.15.49] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.135.15.49/; sid:900605368; rev:1;)
alert tcp $HOME_NET any -> [50.91.114.38] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.91.114.38/; sid:900605369; rev:1;)
alert tcp $HOME_NET any -> [181.171.209.241] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.171.209.241/; sid:900605370; rev:1;)
alert tcp $HOME_NET any -> [85.105.205.77] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.205.77/; sid:900605371; rev:1;)
alert tcp $HOME_NET any -> [123.176.25.234] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.176.25.234/; sid:900605372; rev:1;)
alert tcp $HOME_NET any -> [91.90.88.5] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.90.88.5/; sid:900605373; rev:1;)
alert tcp $HOME_NET any -> [122.116.104.238] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.116.104.238/; sid:900605374; rev:1;)
alert tcp $HOME_NET any -> [78.206.229.130] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.206.229.130/; sid:900605375; rev:1;)
alert tcp $HOME_NET any -> [79.133.6.236] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.133.6.236/; sid:900605376; rev:1;)
alert tcp $HOME_NET any -> [190.240.194.77] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.240.194.77/; sid:900605377; rev:1;)
alert tcp $HOME_NET any -> [154.127.113.242] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.127.113.242/; sid:900605378; rev:1;)
alert tcp $HOME_NET any -> [45.33.94.33] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.94.33/; sid:900605379; rev:1;)
alert tcp $HOME_NET any -> [159.89.91.92] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.89.91.92/; sid:900605380; rev:1;)
alert tcp $HOME_NET any -> [97.107.127.161] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.107.127.161/; sid:900605381; rev:1;)
alert tcp $HOME_NET any -> [158.69.118.130] 1443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.69.118.130/; sid:900605382; rev:1;)
alert tcp $HOME_NET any -> [142.44.247.57] 4043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.44.247.57/; sid:900605384; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.140] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.140/; sid:900605385; rev:1;)
alert tcp $HOME_NET any -> [59.148.253.194] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.148.253.194/; sid:900605386; rev:1;)
alert tcp $HOME_NET any -> [94.23.45.86] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.45.86/; sid:900605387; rev:1;)
alert tcp $HOME_NET any -> [103.86.49.11] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.86.49.11/; sid:900605388; rev:1;)
alert tcp $HOME_NET any -> [51.75.33.120] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.33.120/; sid:900605389; rev:1;)
alert tcp $HOME_NET any -> [85.234.143.94] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.234.143.94/; sid:900605390; rev:1;)
alert tcp $HOME_NET any -> [167.86.68.49] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.86.68.49/; sid:900605391; rev:1;)
alert tcp $HOME_NET any -> [46.105.131.87] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.131.87/; sid:900605392; rev:1;)
alert tcp $HOME_NET any -> [162.243.125.212] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.243.125.212/; sid:900605393; rev:1;)
alert tcp $HOME_NET any -> [104.131.44.150] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.44.150/; sid:900605394; rev:1;)
alert tcp $HOME_NET any -> [104.131.123.136] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.123.136/; sid:900605395; rev:1;)
alert tcp $HOME_NET any -> [162.241.92.219] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.92.219/; sid:900605400; rev:1;)
alert tcp $HOME_NET any -> [72.188.173.74] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.188.173.74/; sid:900605416; rev:1;)
alert tcp $HOME_NET any -> [200.111.198.76] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.111.198.76/; sid:900605417; rev:1;)
alert tcp $HOME_NET any -> [193.90.12.20] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.90.12.20/; sid:900605418; rev:1;)
alert tcp $HOME_NET any -> [185.181.9.76] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.181.9.76/; sid:900605419; rev:1;)
alert tcp $HOME_NET any -> [175.207.13.56] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.207.13.56/; sid:900605420; rev:1;)
alert tcp $HOME_NET any -> [212.129.24.84] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.129.24.84/; sid:900605421; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.131] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.131/; sid:900605424; rev:1;)
alert tcp $HOME_NET any -> [192.99.41.136] 981 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.99.41.136/; sid:900605425; rev:1;)
alert tcp $HOME_NET any -> [5.196.204.251] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.204.251/; sid:900605426; rev:1;)
alert tcp $HOME_NET any -> [24.229.3.146] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.229.3.146/; sid:900605427; rev:1;)
alert tcp $HOME_NET any -> [97.107.127.227] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.107.127.227/; sid:900605430; rev:1;)
alert tcp $HOME_NET any -> [87.106.18.216] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.18.216/; sid:900605431; rev:1;)
alert tcp $HOME_NET any -> [185.184.25.235] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.184.25.235/; sid:900605432; rev:1;)
alert tcp $HOME_NET any -> [41.211.125.59] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.211.125.59/; sid:900605434; rev:1;)
alert tcp $HOME_NET any -> [118.67.216.238] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.67.216.238/; sid:900605435; rev:1;)
alert tcp $HOME_NET any -> [36.94.164.249] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.164.249/; sid:900605436; rev:1;)
alert tcp $HOME_NET any -> [92.242.214.203] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.242.214.203/; sid:900605437; rev:1;)
alert tcp $HOME_NET any -> [103.91.244.102] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.91.244.102/; sid:900605438; rev:1;)
alert tcp $HOME_NET any -> [45.226.124.226] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.226.124.226/; sid:900605439; rev:1;)
alert tcp $HOME_NET any -> [45.234.248.66] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.234.248.66/; sid:900605440; rev:1;)
alert tcp $HOME_NET any -> [177.87.0.7] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.87.0.7/; sid:900605441; rev:1;)
alert tcp $HOME_NET any -> [117.212.193.62] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.212.193.62/; sid:900605442; rev:1;)
alert tcp $HOME_NET any -> [36.89.193.235] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.193.235/; sid:900605443; rev:1;)
alert tcp $HOME_NET any -> [201.184.190.59] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.184.190.59/; sid:900605444; rev:1;)
alert tcp $HOME_NET any -> [179.191.108.58] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.191.108.58/; sid:900605446; rev:1;)
alert tcp $HOME_NET any -> [176.62.180.164] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.62.180.164/; sid:900605447; rev:1;)
alert tcp $HOME_NET any -> [194.5.249.93] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.93/; sid:900605449; rev:1;)
alert tcp $HOME_NET any -> [200.142.124.146] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.142.124.146/; sid:900605450; rev:1;)
alert tcp $HOME_NET any -> [181.211.103.254] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.211.103.254/; sid:900605452; rev:1;)
alert tcp $HOME_NET any -> [123.59.211.174] 80 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.59.211.174/; sid:900605454; rev:1;)
alert tcp $HOME_NET any -> [103.89.252.130] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.89.252.130/; sid:900605455; rev:1;)
alert tcp $HOME_NET any -> [201.59.167.66] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.59.167.66/; sid:900605457; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.133] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.133/; sid:900605458; rev:1;)
alert tcp $HOME_NET any -> [212.129.24.85] 34443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.129.24.85/; sid:900605459; rev:1;)
alert tcp $HOME_NET any -> [192.241.175.242] 691 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.175.242/; sid:900605460; rev:1;)
alert tcp $HOME_NET any -> [62.14.242.133] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.14.242.133/; sid:900605461; rev:1;)
alert tcp $HOME_NET any -> [45.234.248.154] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.234.248.154/; sid:900605462; rev:1;)
alert tcp $HOME_NET any -> [45.201.134.202] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.201.134.202/; sid:900605464; rev:1;)
alert tcp $HOME_NET any -> [103.94.7.43] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.94.7.43/; sid:900605465; rev:1;)
alert tcp $HOME_NET any -> [49.156.39.150] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.156.39.150/; sid:900605466; rev:1;)
alert tcp $HOME_NET any -> [46.252.38.244] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.252.38.244/; sid:900605467; rev:1;)
alert tcp $HOME_NET any -> [178.254.40.33] 3389 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.40.33/; sid:900605468; rev:1;)
alert tcp $HOME_NET any -> [185.4.132.226] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.4.132.226/; sid:900605469; rev:1;)
alert tcp $HOME_NET any -> [92.60.235.135] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.60.235.135/; sid:900605470; rev:1;)
alert tcp $HOME_NET any -> [159.224.167.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.224.167.102/; sid:900605471; rev:1;)
alert tcp $HOME_NET any -> [95.210.118.90] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.210.118.90/; sid:900605472; rev:1;)
alert tcp $HOME_NET any -> [77.81.247.140] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.81.247.140/; sid:900605474; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.149] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.149/; sid:900605475; rev:1;)
alert tcp $HOME_NET any -> [45.234.248.146] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.234.248.146/; sid:900605476; rev:1;)
alert tcp $HOME_NET any -> [5.189.157.183] 4646 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.157.183/; sid:900605477; rev:1;)
alert tcp $HOME_NET any -> [165.227.155.13] 3308 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.155.13/; sid:900605478; rev:1;)
alert tcp $HOME_NET any -> [128.199.59.13] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.59.13/; sid:900605481; rev:1;)
alert tcp $HOME_NET any -> [178.128.83.165] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.83.165/; sid:900605482; rev:1;)
alert tcp $HOME_NET any -> [94.158.245.54] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.158.245.54/; sid:900605485; rev:1;)
alert tcp $HOME_NET any -> [45.83.129.224] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.83.129.224/; sid:900605486; rev:1;)
alert tcp $HOME_NET any -> [195.123.241.195] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.241.195/; sid:900605487; rev:1;)
alert tcp $HOME_NET any -> [108.170.20.72] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.170.20.72/; sid:900605488; rev:1;)
alert tcp $HOME_NET any -> [134.119.186.201] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.119.186.201/; sid:900605489; rev:1;)
alert tcp $HOME_NET any -> [134.119.186.200] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.119.186.200/; sid:900605491; rev:1;)
alert tcp $HOME_NET any -> [108.170.20.75] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.170.20.75/; sid:900605493; rev:1;)
alert tcp $HOME_NET any -> [94.140.114.136] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.140.114.136/; sid:900605494; rev:1;)
alert tcp $HOME_NET any -> [172.83.155.215] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.83.155.215/; sid:900605495; rev:1;)
alert tcp $HOME_NET any -> [212.227.53.240] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.227.53.240/; sid:900605496; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.132] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.132/; sid:900605497; rev:1;)
alert tcp $HOME_NET any -> [192.241.174.45] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.174.45/; sid:900605498; rev:1;)
alert tcp $HOME_NET any -> [193.8.194.96] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.8.194.96/; sid:900605499; rev:1;)
alert tcp $HOME_NET any -> [185.163.45.138] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.163.45.138/; sid:900605500; rev:1;)
alert tcp $HOME_NET any -> [45.155.173.242] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.155.173.242/; sid:900605501; rev:1;)
alert tcp $HOME_NET any -> [173.203.78.138] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.203.78.138/; sid:900605502; rev:1;)
alert tcp $HOME_NET any -> [217.160.107.189] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.107.189/; sid:900605503; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.150] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.150/; sid:900605504; rev:1;)
alert tcp $HOME_NET any -> [142.202.191.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.202.191.164/; sid:900605506; rev:1;)
alert tcp $HOME_NET any -> [173.255.246.77] 691 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.255.246.77/; sid:900605510; rev:1;)
alert tcp $HOME_NET any -> [185.216.27.185] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.216.27.185/; sid:900605514; rev:1;)
alert tcp $HOME_NET any -> [185.234.72.84] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.234.72.84/; sid:900605517; rev:1;)
alert tcp $HOME_NET any -> [198.1.115.153] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.1.115.153/; sid:900605518; rev:1;)
alert tcp $HOME_NET any -> [209.20.87.138] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.20.87.138/; sid:900605519; rev:1;)
alert tcp $HOME_NET any -> [151.236.29.248] 6516 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.236.29.248/; sid:900605520; rev:1;)
alert tcp $HOME_NET any -> [181.196.245.54] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.196.245.54/; sid:900605524; rev:1;)
alert tcp $HOME_NET any -> [162.13.114.59] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.13.114.59/; sid:900605527; rev:1;)
alert tcp $HOME_NET any -> [37.187.115.122] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.115.122/; sid:900605528; rev:1;)
alert tcp $HOME_NET any -> [70.39.99.196] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.39.99.196/; sid:900605529; rev:1;)
alert tcp $HOME_NET any -> [178.54.230.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.54.230.164/; sid:900605530; rev:1;)
alert tcp $HOME_NET any -> [103.76.20.226] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.76.20.226/; sid:900605531; rev:1;)
alert tcp $HOME_NET any -> [80.78.75.246] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.78.75.246/; sid:900605532; rev:1;)
alert tcp $HOME_NET any -> [154.79.252.132] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.79.252.132/; sid:900605535; rev:1;)
alert tcp $HOME_NET any -> [5.182.210.132] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.132/; sid:900605536; rev:1;)
alert tcp $HOME_NET any -> [80.78.77.116] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.78.77.116/; sid:900605537; rev:1;)
alert tcp $HOME_NET any -> [168.232.188.88] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.232.188.88/; sid:900605538; rev:1;)
alert tcp $HOME_NET any -> [173.81.4.147] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.81.4.147/; sid:900605539; rev:1;)
alert tcp $HOME_NET any -> [202.142.151.190] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.142.151.190/; sid:900605540; rev:1;)
alert tcp $HOME_NET any -> [37.235.230.123] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.235.230.123/; sid:900605545; rev:1;)
alert tcp $HOME_NET any -> [186.195.199.238] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.195.199.238/; sid:900605546; rev:1;)
alert tcp $HOME_NET any -> [177.47.88.62] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.47.88.62/; sid:900605547; rev:1;)
alert tcp $HOME_NET any -> [36.92.93.5] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.92.93.5/; sid:900605548; rev:1;)
alert tcp $HOME_NET any -> [103.146.2.152] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.146.2.152/; sid:900605549; rev:1;)
alert tcp $HOME_NET any -> [182.48.66.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.48.66.106/; sid:900605550; rev:1;)
alert tcp $HOME_NET any -> [36.94.202.131] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.202.131/; sid:900605551; rev:1;)
alert tcp $HOME_NET any -> [179.60.243.52] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.60.243.52/; sid:900605552; rev:1;)
alert tcp $HOME_NET any -> [103.146.185.107] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.146.185.107/; sid:900605556; rev:1;)
alert tcp $HOME_NET any -> [209.151.236.42] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.151.236.42/; sid:900605558; rev:1;)
alert tcp $HOME_NET any -> [91.121.94.86] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.121.94.86/; sid:900605559; rev:1;)
alert tcp $HOME_NET any -> [5.189.144.136] 6516 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.144.136/; sid:900605560; rev:1;)
alert tcp $HOME_NET any -> [131.72.153.198] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.72.153.198/; sid:900605561; rev:1;)
alert tcp $HOME_NET any -> [131.255.106.152] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.255.106.152/; sid:900605562; rev:1;)
alert tcp $HOME_NET any -> [37.112.60.123] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.112.60.123/; sid:900605563; rev:1;)
alert tcp $HOME_NET any -> [202.91.41.138] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.91.41.138/; sid:900605570; rev:1;)
alert tcp $HOME_NET any -> [122.2.28.70] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.2.28.70/; sid:900605575; rev:1;)
alert tcp $HOME_NET any -> [103.225.138.94] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.225.138.94/; sid:900605576; rev:1;)
alert tcp $HOME_NET any -> [123.231.149.123] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.231.149.123/; sid:900605577; rev:1;)
alert tcp $HOME_NET any -> [190.119.167.154] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.119.167.154/; sid:900605578; rev:1;)
alert tcp $HOME_NET any -> [47.103.145.214] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.103.145.214/; sid:900605579; rev:1;)
alert tcp $HOME_NET any -> [117.210.210.179] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.210.210.179/; sid:900605580; rev:1;)
alert tcp $HOME_NET any -> [200.195.233.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.195.233.10/; sid:900605581; rev:1;)
alert tcp $HOME_NET any -> [170.82.4.158] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.82.4.158/; sid:900605582; rev:1;)
alert tcp $HOME_NET any -> [37.29.124.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.29.124.94/; sid:900605583; rev:1;)
alert tcp $HOME_NET any -> [103.239.165.24] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.239.165.24/; sid:900605584; rev:1;)
alert tcp $HOME_NET any -> [103.146.2.152] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.146.2.152/; sid:900605587; rev:1;)
alert tcp $HOME_NET any -> [103.54.42.218] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.54.42.218/; sid:900605588; rev:1;)
alert tcp $HOME_NET any -> [85.25.134.43] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.25.134.43/; sid:900605589; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.146] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.146/; sid:900605590; rev:1;)
alert tcp $HOME_NET any -> [213.208.134.178] 6516 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.208.134.178/; sid:900605591; rev:1;)
alert tcp $HOME_NET any -> [50.243.30.51] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.243.30.51/; sid:900605592; rev:1;)
alert tcp $HOME_NET any -> [37.247.35.132] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.247.35.132/; sid:900605593; rev:1;)
alert tcp $HOME_NET any -> [162.241.204.234] 6516 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.204.234/; sid:900605595; rev:1;)
alert tcp $HOME_NET any -> [121.199.35.69] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.199.35.69/; sid:900605596; rev:1;)
alert tcp $HOME_NET any -> [185.97.135.164] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.97.135.164/; sid:900605597; rev:1;)
alert tcp $HOME_NET any -> [85.88.174.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.88.174.94/; sid:900605598; rev:1;)
alert tcp $HOME_NET any -> [203.160.59.14] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.160.59.14/; sid:900605601; rev:1;)
alert tcp $HOME_NET any -> [36.66.111.251] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.66.111.251/; sid:900605602; rev:1;)
alert tcp $HOME_NET any -> [216.10.242.142] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.10.242.142/; sid:900605603; rev:1;)
alert tcp $HOME_NET any -> [37.247.35.137] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.247.35.137/; sid:900605604; rev:1;)
alert tcp $HOME_NET any -> [116.251.211.158] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.251.211.158/; sid:900605605; rev:1;)
alert tcp $HOME_NET any -> [103.73.102.174] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.73.102.174/; sid:900605607; rev:1;)
alert tcp $HOME_NET any -> [114.34.226.52] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.34.226.52/; sid:900605609; rev:1;)
alert tcp $HOME_NET any -> [111.235.66.83] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.235.66.83/; sid:900605610; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.186] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.186/; sid:900605612; rev:1;)
alert tcp $HOME_NET any -> [62.64.9.237] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.64.9.237/; sid:900605613; rev:1;)
alert tcp $HOME_NET any -> [190.152.71.230] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.152.71.230/; sid:900605615; rev:1;)
alert tcp $HOME_NET any -> [94.74.133.76] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.74.133.76/; sid:900605616; rev:1;)
alert tcp $HOME_NET any -> [181.191.67.186] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.191.67.186/; sid:900605617; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.135] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.135/; sid:900605618; rev:1;)
alert tcp $HOME_NET any -> [107.180.90.10] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.180.90.10/; sid:900605619; rev:1;)
alert tcp $HOME_NET any -> [31.24.158.56] 7275 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.24.158.56/; sid:900605620; rev:1;)
alert tcp $HOME_NET any -> [167.179.194.205] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.179.194.205/; sid:900605621; rev:1;)
alert tcp $HOME_NET any -> [79.106.115.103] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.106.115.103/; sid:900605622; rev:1;)
alert tcp $HOME_NET any -> [178.33.183.53] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.33.183.53/; sid:900605623; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.166] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.166/; sid:900605624; rev:1;)
alert tcp $HOME_NET any -> [157.7.139.198] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.7.139.198/; sid:900605625; rev:1;)
alert tcp $HOME_NET any -> [144.76.42.74] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.76.42.74/; sid:900605626; rev:1;)
alert tcp $HOME_NET any -> [41.76.108.46] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.76.108.46/; sid:900605627; rev:1;)
alert tcp $HOME_NET any -> [195.154.221.186] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.154.221.186/; sid:900605628; rev:1;)
alert tcp $HOME_NET any -> [153.126.203.229] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.126.203.229/; sid:900605629; rev:1;)
alert tcp $HOME_NET any -> [195.210.28.233] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.210.28.233/; sid:900605632; rev:1;)
alert tcp $HOME_NET any -> [91.235.129.199] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.199/; sid:900605633; rev:1;)
alert tcp $HOME_NET any -> [62.75.168.152] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.168.152/; sid:900605634; rev:1;)
alert tcp $HOME_NET any -> [147.78.186.4] 10051 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.78.186.4/; sid:900605635; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.184] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.184/; sid:900605636; rev:1;)
alert tcp $HOME_NET any -> [174.105.233.82] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.105.233.82/; sid:900605637; rev:1;)
alert tcp $HOME_NET any -> [45.164.80.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.164.80.94/; sid:900605638; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.137] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.137/; sid:900605641; rev:1;)
alert tcp $HOME_NET any -> [199.204.214.26] 7073 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.204.214.26/; sid:900605642; rev:1;)
alert tcp $HOME_NET any -> [95.140.127.82] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.140.127.82/; sid:900605643; rev:1;)
alert tcp $HOME_NET any -> [5.182.210.254] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.254/; sid:900605646; rev:1;)
alert tcp $HOME_NET any -> [219.91.189.17] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.91.189.17/; sid:900605647; rev:1;)
alert tcp $HOME_NET any -> [37.247.35.130] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.247.35.130/; sid:900605648; rev:1;)
alert tcp $HOME_NET any -> [103.18.108.116] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.18.108.116/; sid:900605649; rev:1;)
alert tcp $HOME_NET any -> [36.91.107.247] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.91.107.247/; sid:900605651; rev:1;)
alert tcp $HOME_NET any -> [12.158.156.51] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.158.156.51/; sid:900605652; rev:1;)
alert tcp $HOME_NET any -> [49.231.17.146] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.231.17.146/; sid:900605654; rev:1;)
alert tcp $HOME_NET any -> [216.177.161.118] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.177.161.118/; sid:900605655; rev:1;)
alert tcp $HOME_NET any -> [72.133.71.61] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.133.71.61/; sid:900605656; rev:1;)
alert tcp $HOME_NET any -> [103.26.251.214] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.26.251.214/; sid:900605657; rev:1;)
alert tcp $HOME_NET any -> [98.6.170.206] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.6.170.206/; sid:900605659; rev:1;)
alert tcp $HOME_NET any -> [102.67.74.24] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.67.74.24/; sid:900605660; rev:1;)
alert tcp $HOME_NET any -> [5.2.158.159] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.158.159/; sid:900605661; rev:1;)
alert tcp $HOME_NET any -> [92.245.172.211] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.245.172.211/; sid:900605662; rev:1;)
alert tcp $HOME_NET any -> [176.115.19.84] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.115.19.84/; sid:900605663; rev:1;)
alert tcp $HOME_NET any -> [76.84.51.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.84.51.10/; sid:900605664; rev:1;)
alert tcp $HOME_NET any -> [62.209.206.195] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.209.206.195/; sid:900605665; rev:1;)
alert tcp $HOME_NET any -> [85.175.171.246] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.175.171.246/; sid:900605666; rev:1;)
alert tcp $HOME_NET any -> [108.55.14.158] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.55.14.158/; sid:900605667; rev:1;)
alert tcp $HOME_NET any -> [103.6.213.203] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.6.213.203/; sid:900605668; rev:1;)
alert tcp $HOME_NET any -> [46.41.130.218] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.41.130.218/; sid:900605669; rev:1;)
alert tcp $HOME_NET any -> [71.66.174.34] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.66.174.34/; sid:900605670; rev:1;)
alert tcp $HOME_NET any -> [5.189.181.107] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.181.107/; sid:900605671; rev:1;)
alert tcp $HOME_NET any -> [198.179.109.238] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.179.109.238/; sid:900605672; rev:1;)
alert tcp $HOME_NET any -> [72.2.179.4] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.2.179.4/; sid:900605673; rev:1;)
alert tcp $HOME_NET any -> [45.127.134.203] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.127.134.203/; sid:900605674; rev:1;)
alert tcp $HOME_NET any -> [41.138.131.67] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.138.131.67/; sid:900605675; rev:1;)
alert tcp $HOME_NET any -> [203.112.210.46] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.112.210.46/; sid:900605676; rev:1;)
alert tcp $HOME_NET any -> [103.77.205.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.77.205.102/; sid:900605677; rev:1;)
alert tcp $HOME_NET any -> [116.212.132.111] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.212.132.111/; sid:900605678; rev:1;)
alert tcp $HOME_NET any -> [103.110.14.43] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.110.14.43/; sid:900605679; rev:1;)
alert tcp $HOME_NET any -> [195.8.114.137] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.8.114.137/; sid:900605680; rev:1;)
alert tcp $HOME_NET any -> [88.119.86.75] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.119.86.75/; sid:900605681; rev:1;)
alert tcp $HOME_NET any -> [182.160.109.205] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.160.109.205/; sid:900605682; rev:1;)
alert tcp $HOME_NET any -> [103.15.140.141] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.15.140.141/; sid:900605683; rev:1;)
alert tcp $HOME_NET any -> [45.167.249.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.167.249.126/; sid:900605684; rev:1;)
alert tcp $HOME_NET any -> [103.138.172.74] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.138.172.74/; sid:900605685; rev:1;)
alert tcp $HOME_NET any -> [182.23.81.218] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.23.81.218/; sid:900605686; rev:1;)
alert tcp $HOME_NET any -> [45.229.71.211] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.229.71.211/; sid:900605687; rev:1;)
alert tcp $HOME_NET any -> [18.195.23.231] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/18.195.23.231/; sid:900605688; rev:1;)
alert tcp $HOME_NET any -> [77.220.64.141] 5037 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.220.64.141/; sid:900605691; rev:1;)
alert tcp $HOME_NET any -> [185.229.225.1] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.229.225.1/; sid:900605695; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.174] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.174/; sid:900605696; rev:1;)
alert tcp $HOME_NET any -> [159.8.59.84] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.8.59.84/; sid:900605699; rev:1;)
alert tcp $HOME_NET any -> [196.41.57.46] 80 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.41.57.46/; sid:900605701; rev:1;)
alert tcp $HOME_NET any -> [216.10.251.121] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.10.251.121/; sid:900605702; rev:1;)
alert tcp $HOME_NET any -> [98.142.187.233] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.142.187.233/; sid:900605704; rev:1;)
alert tcp $HOME_NET any -> [162.241.54.59] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.54.59/; sid:900605711; rev:1;)
alert tcp $HOME_NET any -> [45.58.56.12] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.58.56.12/; sid:900605712; rev:1;)
alert tcp $HOME_NET any -> [51.91.76.89] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.91.76.89/; sid:900605713; rev:1;)
alert tcp $HOME_NET any -> [173.81.4.147] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.81.4.147/; sid:900605714; rev:1;)
alert tcp $HOME_NET any -> [5.59.205.32] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.59.205.32/; sid:900605715; rev:1;)
alert tcp $HOME_NET any -> [161.132.187.158] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.132.187.158/; sid:900605716; rev:1;)
alert tcp $HOME_NET any -> [98.142.187.174] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.142.187.174/; sid:900605719; rev:1;)
alert tcp $HOME_NET any -> [80.211.33.13] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.211.33.13/; sid:900605722; rev:1;)
alert tcp $HOME_NET any -> [185.148.168.220] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.168.220/; sid:900605724; rev:1;)
alert tcp $HOME_NET any -> [188.18.7.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.18.7.133/; sid:900605725; rev:1;)
alert tcp $HOME_NET any -> [63.249.67.70] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.249.67.70/; sid:900605726; rev:1;)
alert tcp $HOME_NET any -> [131.100.24.199] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.199/; sid:900605727; rev:1;)
alert tcp $HOME_NET any -> [31.148.29.153] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.148.29.153/; sid:900605728; rev:1;)
alert tcp $HOME_NET any -> [94.28.78.200] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.28.78.200/; sid:900605729; rev:1;)
alert tcp $HOME_NET any -> [181.143.251.154] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.251.154/; sid:900605730; rev:1;)
alert tcp $HOME_NET any -> [202.131.227.226] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.131.227.226/; sid:900605732; rev:1;)
alert tcp $HOME_NET any -> [200.105.134.99] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.105.134.99/; sid:900605734; rev:1;)
alert tcp $HOME_NET any -> [62.213.14.166] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.213.14.166/; sid:900605735; rev:1;)
alert tcp $HOME_NET any -> [103.76.150.14] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.76.150.14/; sid:900605736; rev:1;)
alert tcp $HOME_NET any -> [41.77.134.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.77.134.250/; sid:900605737; rev:1;)
alert tcp $HOME_NET any -> [78.158.171.245] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.158.171.245/; sid:900605739; rev:1;)
alert tcp $HOME_NET any -> [103.82.146.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.82.146.212/; sid:900605740; rev:1;)
alert tcp $HOME_NET any -> [172.93.133.123] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.93.133.123/; sid:900605743; rev:1;)
alert tcp $HOME_NET any -> [108.168.61.147] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.168.61.147/; sid:900605744; rev:1;)
alert tcp $HOME_NET any -> [123.200.26.246] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.200.26.246/; sid:900605745; rev:1;)
alert tcp $HOME_NET any -> [34.205.48.95] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/34.205.48.95/; sid:900605747; rev:1;)
alert tcp $HOME_NET any -> [94.53.130.195] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.53.130.195/; sid:900605748; rev:1;)
alert tcp $HOME_NET any -> [77.232.163.203] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.232.163.203/; sid:900605750; rev:1;)
alert tcp $HOME_NET any -> [87.97.178.92] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.97.178.92/; sid:900605751; rev:1;)
alert tcp $HOME_NET any -> [91.243.125.5] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.243.125.5/; sid:900605752; rev:1;)
alert tcp $HOME_NET any -> [181.143.251.154] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.251.154/; sid:900605753; rev:1;)
alert tcp $HOME_NET any -> [185.94.172.15] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.94.172.15/; sid:900605754; rev:1;)
alert tcp $HOME_NET any -> [163.53.83.117] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.53.83.117/; sid:900605755; rev:1;)
alert tcp $HOME_NET any -> [202.131.227.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.131.227.229/; sid:900605756; rev:1;)
alert tcp $HOME_NET any -> [180.178.109.222] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.178.109.222/; sid:900605757; rev:1;)
alert tcp $HOME_NET any -> [156.19.152.218] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.19.152.218/; sid:900605759; rev:1;)
alert tcp $HOME_NET any -> [72.249.22.245] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.249.22.245/; sid:900605763; rev:1;)
alert tcp $HOME_NET any -> [8.210.53.215] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.210.53.215/; sid:900605764; rev:1;)
alert tcp $HOME_NET any -> [131.100.24.192] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.192/; sid:900605765; rev:1;)
alert tcp $HOME_NET any -> [87.97.178.92] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.97.178.92/; sid:900605766; rev:1;)
alert tcp $HOME_NET any -> [170.233.120.53] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.233.120.53/; sid:900605770; rev:1;)
alert tcp $HOME_NET any -> [62.75.251.60] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.251.60/; sid:900605771; rev:1;)
alert tcp $HOME_NET any -> [185.148.168.25] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.168.25/; sid:900605772; rev:1;)
alert tcp $HOME_NET any -> [50.116.27.97] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.27.97/; sid:900605773; rev:1;)
alert tcp $HOME_NET any -> [159.203.93.122] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.203.93.122/; sid:900605774; rev:1;)
alert tcp $HOME_NET any -> [131.100.24.230] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.230/; sid:900605775; rev:1;)
alert tcp $HOME_NET any -> [51.91.156.39] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.91.156.39/; sid:900605777; rev:1;)
alert tcp $HOME_NET any -> [67.196.50.240] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.196.50.240/; sid:900605778; rev:1;)
alert tcp $HOME_NET any -> [154.79.244.182] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.79.244.182/; sid:900605780; rev:1;)
alert tcp $HOME_NET any -> [131.0.112.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.0.112.122/; sid:900605781; rev:1;)
alert tcp $HOME_NET any -> [181.176.161.143] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.176.161.143/; sid:900605782; rev:1;)
alert tcp $HOME_NET any -> [178.254.161.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.161.250/; sid:900605783; rev:1;)
alert tcp $HOME_NET any -> [178.134.47.166] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.134.47.166/; sid:900605784; rev:1;)
alert tcp $HOME_NET any -> [154.79.245.158] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.79.245.158/; sid:900605785; rev:1;)
alert tcp $HOME_NET any -> [154.79.251.172] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.79.251.172/; sid:900605786; rev:1;)
alert tcp $HOME_NET any -> [178.72.192.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.72.192.20/; sid:900605787; rev:1;)
alert tcp $HOME_NET any -> [158.181.179.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.181.179.229/; sid:900605788; rev:1;)
alert tcp $HOME_NET any -> [139.255.116.42] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.116.42/; sid:900605789; rev:1;)
alert tcp $HOME_NET any -> [185.148.168.240] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.168.240/; sid:900605797; rev:1;)
alert tcp $HOME_NET any -> [162.216.125.131] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.216.125.131/; sid:900605798; rev:1;)
alert tcp $HOME_NET any -> [193.200.130.178] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.200.130.178/; sid:900605799; rev:1;)
alert tcp $HOME_NET any -> [195.9.232.252] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.9.232.252/; sid:900605801; rev:1;)
alert tcp $HOME_NET any -> [185.148.168.26] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.168.26/; sid:900605802; rev:1;)
alert tcp $HOME_NET any -> [78.46.73.125] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.46.73.125/; sid:900605803; rev:1;)
alert tcp $HOME_NET any -> [193.47.240.8] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.47.240.8/; sid:900605804; rev:1;)
alert tcp $HOME_NET any -> [153.126.165.175] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.126.165.175/; sid:900605805; rev:1;)
alert tcp $HOME_NET any -> [188.226.199.7] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.226.199.7/; sid:900605806; rev:1;)
alert tcp $HOME_NET any -> [46.101.216.218] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.216.218/; sid:900605807; rev:1;)
alert tcp $HOME_NET any -> [178.254.33.197] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.33.197/; sid:900605808; rev:1;)
alert tcp $HOME_NET any -> [167.114.113.13] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.114.113.13/; sid:900605813; rev:1;)
alert tcp $HOME_NET any -> [193.200.130.181] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.200.130.181/; sid:900605814; rev:1;)
alert tcp $HOME_NET any -> [67.207.83.96] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.207.83.96/; sid:900605815; rev:1;)
alert tcp $HOME_NET any -> [45.55.134.126] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.134.126/; sid:900605816; rev:1;)
alert tcp $HOME_NET any -> [190.152.4.202] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.152.4.202/; sid:900605817; rev:1;)
alert tcp $HOME_NET any -> [103.54.41.193] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.54.41.193/; sid:900605821; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.183] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.183/; sid:900605822; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.176] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.176/; sid:900605823; rev:1;)
alert tcp $HOME_NET any -> [37.34.58.210] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.34.58.210/; sid:900605824; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.179] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.179/; sid:900605825; rev:1;)
alert tcp $HOME_NET any -> [117.54.250.246] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.54.250.246/; sid:900605826; rev:1;)
alert tcp $HOME_NET any -> [131.100.24.215] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.215/; sid:900605827; rev:1;)
alert tcp $HOME_NET any -> [146.185.170.249] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.170.249/; sid:900605828; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.182] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.182/; sid:900605829; rev:1;)
alert tcp $HOME_NET any -> [103.111.199.76] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.111.199.76/; sid:900605830; rev:1;)
alert tcp $HOME_NET any -> [131.100.24.231] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.231/; sid:900605831; rev:1;)
alert tcp $HOME_NET any -> [115.73.211.230] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.73.211.230/; sid:900605832; rev:1;)
alert tcp $HOME_NET any -> [188.40.137.206] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.40.137.206/; sid:900605833; rev:1;)
alert tcp $HOME_NET any -> [131.100.24.217] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.217/; sid:900605834; rev:1;)
alert tcp $HOME_NET any -> [103.9.77.211] 5353 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.9.77.211/; sid:900605835; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.169] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.169/; sid:900605836; rev:1;)
alert tcp $HOME_NET any -> [94.247.168.64] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.247.168.64/; sid:900605837; rev:1;)
alert tcp $HOME_NET any -> [162.144.34.234] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.34.234/; sid:900605838; rev:1;)
alert tcp $HOME_NET any -> [162.144.76.184] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.76.184/; sid:900605839; rev:1;)
alert tcp $HOME_NET any -> [198.20.253.36] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.20.253.36/; sid:900605840; rev:1;)
alert tcp $HOME_NET any -> [159.8.59.82] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.8.59.82/; sid:900605841; rev:1;)
alert tcp $HOME_NET any -> [66.113.160.126] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.113.160.126/; sid:900605842; rev:1;)
alert tcp $HOME_NET any -> [95.138.161.226] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.138.161.226/; sid:900605843; rev:1;)
alert tcp $HOME_NET any -> [131.100.24.202] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.100.24.202/; sid:900605844; rev:1;)
alert tcp $HOME_NET any -> [193.160.214.95] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.160.214.95/; sid:900605845; rev:1;)
alert tcp $HOME_NET any -> [67.43.4.76] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.43.4.76/; sid:900605846; rev:1;)
alert tcp $HOME_NET any -> [185.138.78.73] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.138.78.73/; sid:900605851; rev:1;)
alert tcp $HOME_NET any -> [82.165.145.100] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.165.145.100/; sid:900605853; rev:1;)
alert tcp $HOME_NET any -> [203.114.109.124] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.114.109.124/; sid:900605854; rev:1;)
alert tcp $HOME_NET any -> [94.177.255.18] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.255.18/; sid:900605855; rev:1;)
alert tcp $HOME_NET any -> [91.191.172.125] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.191.172.125/; sid:900605856; rev:1;)
alert tcp $HOME_NET any -> [218.38.136.5] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.38.136.5/; sid:900605857; rev:1;)
alert tcp $HOME_NET any -> [194.5.249.143] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.143/; sid:900605860; rev:1;)
alert tcp $HOME_NET any -> [162.241.209.225] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.209.225/; sid:900605862; rev:1;)
alert tcp $HOME_NET any -> [82.209.17.209] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.209.17.209/; sid:900605863; rev:1;)
alert tcp $HOME_NET any -> [43.229.206.212] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.229.206.212/; sid:900605864; rev:1;)
alert tcp $HOME_NET any -> [1.234.20.244] 3889 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.234.20.244/; sid:900605866; rev:1;)
alert tcp $HOME_NET any -> [45.123.40.54] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.123.40.54/; sid:900605867; rev:1;)
alert tcp $HOME_NET any -> [180.250.21.2] 13721 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.250.21.2/; sid:900605868; rev:1;)
alert tcp $HOME_NET any -> [1.234.21.73] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.234.21.73/; sid:900605871; rev:1;)
alert tcp $HOME_NET any -> [178.128.23.9] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.23.9/; sid:900605872; rev:1;)
alert tcp $HOME_NET any -> [77.72.145.112] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.72.145.112/; sid:900605875; rev:1;)
alert tcp $HOME_NET any -> [128.199.200.38] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.200.38/; sid:900605876; rev:1;)
alert tcp $HOME_NET any -> [192.163.233.216] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.163.233.216/; sid:900605877; rev:1;)
alert tcp $HOME_NET any -> [43.229.206.244] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.229.206.244/; sid:900605878; rev:1;)
alert tcp $HOME_NET any -> [46.254.128.174] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.254.128.174/; sid:900605881; rev:1;)
alert tcp $HOME_NET any -> [162.241.41.92] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.41.92/; sid:900605883; rev:1;)
alert tcp $HOME_NET any -> [210.65.244.187] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.65.244.187/; sid:900605885; rev:1;)
alert tcp $HOME_NET any -> [185.183.159.100] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.159.100/; sid:900605886; rev:1;)
alert tcp $HOME_NET any -> [185.242.89.198] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.242.89.198/; sid:900605888; rev:1;)
alert tcp $HOME_NET any -> [181.176.221.151] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.176.221.151/; sid:900605891; rev:1;)
alert tcp $HOME_NET any -> [181.176.174.139] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.176.174.139/; sid:900605892; rev:1;)
alert tcp $HOME_NET any -> [185.242.88.63] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.242.88.63/; sid:900605893; rev:1;)
alert tcp $HOME_NET any -> [186.32.3.108] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.32.3.108/; sid:900605894; rev:1;)
alert tcp $HOME_NET any -> [185.80.92.160] 6601 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.80.92.160/; sid:900605898; rev:1;)
alert tcp $HOME_NET any -> [180.250.21.5] 13721 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.250.21.5/; sid:900605900; rev:1;)
alert tcp $HOME_NET any -> [197.254.14.238] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.254.14.238/; sid:900605901; rev:1;)
alert tcp $HOME_NET any -> [144.48.139.206] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.48.139.206/; sid:900605902; rev:1;)
alert tcp $HOME_NET any -> [27.72.107.215] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.72.107.215/; sid:900605903; rev:1;)
alert tcp $HOME_NET any -> [201.23.76.18] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.23.76.18/; sid:900605904; rev:1;)
alert tcp $HOME_NET any -> [185.189.55.207] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.189.55.207/; sid:900605905; rev:1;)
alert tcp $HOME_NET any -> [196.43.106.38] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.43.106.38/; sid:900605906; rev:1;)
alert tcp $HOME_NET any -> [190.110.179.139] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.110.179.139/; sid:900605907; rev:1;)
alert tcp $HOME_NET any -> [37.228.70.134] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.70.134/; sid:900605908; rev:1;)
alert tcp $HOME_NET any -> [185.9.187.10] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.9.187.10/; sid:900605909; rev:1;)
alert tcp $HOME_NET any -> [91.235.129.79] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.79/; sid:900605910; rev:1;)
alert tcp $HOME_NET any -> [128.199.182.253] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.182.253/; sid:900605911; rev:1;)
alert tcp $HOME_NET any -> [14.241.244.60] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.241.244.60/; sid:900605912; rev:1;)
alert tcp $HOME_NET any -> [196.41.57.46] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.41.57.46/; sid:900605914; rev:1;)
alert tcp $HOME_NET any -> [103.164.180.66] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.164.180.66/; sid:900605915; rev:1;)
alert tcp $HOME_NET any -> [109.207.165.40] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.207.165.40/; sid:900605916; rev:1;)
alert tcp $HOME_NET any -> [212.200.25.118] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.200.25.118/; sid:900605917; rev:1;)
alert tcp $HOME_NET any -> [181.167.217.53] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.167.217.53/; sid:900605918; rev:1;)
alert tcp $HOME_NET any -> [186.97.172.178] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.97.172.178/; sid:900605919; rev:1;)
alert tcp $HOME_NET any -> [186.66.15.10] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.66.15.10/; sid:900605920; rev:1;)
alert tcp $HOME_NET any -> [181.129.116.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.116.58/; sid:900605921; rev:1;)
alert tcp $HOME_NET any -> [177.67.137.111] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.67.137.111/; sid:900605922; rev:1;)
alert tcp $HOME_NET any -> [189.206.78.155] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.206.78.155/; sid:900605924; rev:1;)
alert tcp $HOME_NET any -> [45.229.71.211] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.229.71.211/; sid:900605925; rev:1;)
alert tcp $HOME_NET any -> [181.129.242.202] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.242.202/; sid:900605926; rev:1;)
alert tcp $HOME_NET any -> [202.166.196.111] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.166.196.111/; sid:900605927; rev:1;)
alert tcp $HOME_NET any -> [187.19.167.233] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.19.167.233/; sid:900605928; rev:1;)
alert tcp $HOME_NET any -> [186.225.63.18] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.225.63.18/; sid:900605929; rev:1;)
alert tcp $HOME_NET any -> [43.245.216.116] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.245.216.116/; sid:900605930; rev:1;)
alert tcp $HOME_NET any -> [202.138.242.7] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.138.242.7/; sid:900605931; rev:1;)
alert tcp $HOME_NET any -> [144.48.138.213] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.48.138.213/; sid:900605932; rev:1;)
alert tcp $HOME_NET any -> [36.94.100.202] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.100.202/; sid:900605933; rev:1;)
alert tcp $HOME_NET any -> [36.94.27.124] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.27.124/; sid:900605934; rev:1;)
alert tcp $HOME_NET any -> [45.178.142.14] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.178.142.14/; sid:900605935; rev:1;)
alert tcp $HOME_NET any -> [49.156.34.134] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.156.34.134/; sid:900605936; rev:1;)
alert tcp $HOME_NET any -> [203.114.109.114] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.114.109.114/; sid:900605937; rev:1;)
alert tcp $HOME_NET any -> [190.109.204.126] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.109.204.126/; sid:900605938; rev:1;)
alert tcp $HOME_NET any -> [103.124.145.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.124.145.98/; sid:900605940; rev:1;)
alert tcp $HOME_NET any -> [85.248.1.126] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.248.1.126/; sid:900605941; rev:1;)
alert tcp $HOME_NET any -> [94.183.237.101] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.183.237.101/; sid:900605942; rev:1;)
alert tcp $HOME_NET any -> [114.7.240.222] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.7.240.222/; sid:900605943; rev:1;)
alert tcp $HOME_NET any -> [89.37.1.2] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.37.1.2/; sid:900605944; rev:1;)
alert tcp $HOME_NET any -> [94.142.179.77] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.142.179.77/; sid:900605945; rev:1;)
alert tcp $HOME_NET any -> [146.196.121.219] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.196.121.219/; sid:900605946; rev:1;)
alert tcp $HOME_NET any -> [94.142.179.179] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.142.179.179/; sid:900605947; rev:1;)
alert tcp $HOME_NET any -> [85.175.171.246] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.175.171.246/; sid:900605948; rev:1;)
alert tcp $HOME_NET any -> [177.221.39.161] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.221.39.161/; sid:900605949; rev:1;)
alert tcp $HOME_NET any -> [46.209.140.220] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.209.140.220/; sid:900605950; rev:1;)
alert tcp $HOME_NET any -> [88.150.240.129] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.150.240.129/; sid:900605951; rev:1;)
alert tcp $HOME_NET any -> [123.231.149.123] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.231.149.123/; sid:900605952; rev:1;)
alert tcp $HOME_NET any -> [103.101.104.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.101.104.229/; sid:900605953; rev:1;)
alert tcp $HOME_NET any -> [116.0.6.110] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.0.6.110/; sid:900605954; rev:1;)
alert tcp $HOME_NET any -> [182.160.116.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.160.116.190/; sid:900605955; rev:1;)
alert tcp $HOME_NET any -> [103.242.104.68] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.242.104.68/; sid:900605956; rev:1;)
alert tcp $HOME_NET any -> [180.178.106.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.178.106.50/; sid:900605957; rev:1;)
alert tcp $HOME_NET any -> [103.12.160.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.12.160.164/; sid:900605958; rev:1;)
alert tcp $HOME_NET any -> [91.83.88.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.83.88.122/; sid:900605960; rev:1;)
alert tcp $HOME_NET any -> [186.42.253.110] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.42.253.110/; sid:900605961; rev:1;)
alert tcp $HOME_NET any -> [104.238.138.234] 4125 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.238.138.234/; sid:900605964; rev:1;)
alert tcp $HOME_NET any -> [95.85.255.220] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.85.255.220/; sid:900605965; rev:1;)
alert tcp $HOME_NET any -> [94.23.86.141] 13783 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.86.141/; sid:900605966; rev:1;)
alert tcp $HOME_NET any -> [62.75.161.205] 2303 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.161.205/; sid:900605967; rev:1;)
alert tcp $HOME_NET any -> [162.214.188.105] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.214.188.105/; sid:900605968; rev:1;)
alert tcp $HOME_NET any -> [162.214.106.107] 13783 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.214.106.107/; sid:900605970; rev:1;)
alert tcp $HOME_NET any -> [190.214.44.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.214.44.58/; sid:900605972; rev:1;)
alert tcp $HOME_NET any -> [51.77.82.110] 9987 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.82.110/; sid:900605973; rev:1;)
alert tcp $HOME_NET any -> [207.210.192.60] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.210.192.60/; sid:900605974; rev:1;)
alert tcp $HOME_NET any -> [159.69.237.186] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.69.237.186/; sid:900605975; rev:1;)
alert tcp $HOME_NET any -> [116.212.152.225] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.212.152.225/; sid:900605977; rev:1;)
alert tcp $HOME_NET any -> [157.245.231.228] 6051 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.245.231.228/; sid:900605978; rev:1;)
alert tcp $HOME_NET any -> [45.79.91.89] 9987 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.91.89/; sid:900605979; rev:1;)
alert tcp $HOME_NET any -> [45.158.199.220] 30333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.158.199.220/; sid:900605980; rev:1;)
alert tcp $HOME_NET any -> [199.204.214.52] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.204.214.52/; sid:900605981; rev:1;)
alert tcp $HOME_NET any -> [45.233.146.114] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.233.146.114/; sid:900605982; rev:1;)
alert tcp $HOME_NET any -> [91.200.186.229] 19226 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.200.186.229/; sid:900605983; rev:1;)
alert tcp $HOME_NET any -> [128.199.36.62] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.36.62/; sid:900605984; rev:1;)
alert tcp $HOME_NET any -> [50.116.54.215] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.54.215/; sid:900605985; rev:1;)
alert tcp $HOME_NET any -> [142.93.223.149] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.223.149/; sid:900605986; rev:1;)
alert tcp $HOME_NET any -> [162.214.127.16] 6051 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.214.127.16/; sid:900605987; rev:1;)
alert tcp $HOME_NET any -> [177.154.161.246] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.154.161.246/; sid:900605988; rev:1;)
alert tcp $HOME_NET any -> [144.202.49.155] 19226 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.49.155/; sid:900605989; rev:1;)
alert tcp $HOME_NET any -> [103.102.220.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.102.220.50/; sid:900605998; rev:1;)
alert tcp $HOME_NET any -> [177.84.63.252] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.84.63.252/; sid:900606007; rev:1;)
alert tcp $HOME_NET any -> [185.119.120.213] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.119.120.213/; sid:900606013; rev:1;)
alert tcp $HOME_NET any -> [83.220.115.230] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.220.115.230/; sid:900606014; rev:1;)
alert tcp $HOME_NET any -> [189.195.96.238] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.195.96.238/; sid:900606023; rev:1;)
alert tcp $HOME_NET any -> [115.127.160.171] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.127.160.171/; sid:900606026; rev:1;)
alert tcp $HOME_NET any -> [186.46.28.202] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.46.28.202/; sid:900606027; rev:1;)
alert tcp $HOME_NET any -> [91.235.129.8] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.8/; sid:900606030; rev:1;)
alert tcp $HOME_NET any -> [103.242.104.43] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.242.104.43/; sid:900606031; rev:1;)
alert tcp $HOME_NET any -> [181.112.157.42] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.112.157.42/; sid:900606032; rev:1;)
alert tcp $HOME_NET any -> [97.83.40.67] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.83.40.67/; sid:900606034; rev:1;)
alert tcp $HOME_NET any -> [139.59.59.242] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.59.242/; sid:900606035; rev:1;)
alert tcp $HOME_NET any -> [91.207.28.33] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.207.28.33/; sid:900606036; rev:1;)
alert tcp $HOME_NET any -> [178.128.197.110] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.197.110/; sid:900606037; rev:1;)
alert tcp $HOME_NET any -> [91.191.172.124] 13783 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.191.172.124/; sid:900606038; rev:1;)
alert tcp $HOME_NET any -> [12.23.113.92] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.23.113.92/; sid:900606039; rev:1;)
alert tcp $HOME_NET any -> [50.249.212.98] 23399 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.249.212.98/; sid:900606040; rev:1;)
alert tcp $HOME_NET any -> [144.76.1.150] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.76.1.150/; sid:900606041; rev:1;)
alert tcp $HOME_NET any -> [104.168.154.79] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.154.79/; sid:900606042; rev:1;)
alert tcp $HOME_NET any -> [185.189.55.207] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.189.55.207/; sid:900606043; rev:1;)
alert tcp $HOME_NET any -> [12.23.113.25] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.23.113.25/; sid:900606045; rev:1;)
alert tcp $HOME_NET any -> [209.33.231.203] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.33.231.203/; sid:900606046; rev:1;)
alert tcp $HOME_NET any -> [174.47.92.130] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.47.92.130/; sid:900606047; rev:1;)
alert tcp $HOME_NET any -> [178.156.77.176] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.156.77.176/; sid:900606048; rev:1;)
alert tcp $HOME_NET any -> [72.47.4.61] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.47.4.61/; sid:900606049; rev:1;)
alert tcp $HOME_NET any -> [80.59.193.237] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.59.193.237/; sid:900606050; rev:1;)
alert tcp $HOME_NET any -> [71.78.79.138] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.79.138/; sid:900606051; rev:1;)
alert tcp $HOME_NET any -> [71.78.136.194] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.136.194/; sid:900606052; rev:1;)
alert tcp $HOME_NET any -> [71.78.156.115] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.156.115/; sid:900606053; rev:1;)
alert tcp $HOME_NET any -> [74.218.165.159] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.218.165.159/; sid:900606054; rev:1;)
alert tcp $HOME_NET any -> [70.117.40.230] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.117.40.230/; sid:900606055; rev:1;)
alert tcp $HOME_NET any -> [72.131.205.22] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.131.205.22/; sid:900606056; rev:1;)
alert tcp $HOME_NET any -> [94.228.90.140] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.228.90.140/; sid:900606057; rev:1;)
alert tcp $HOME_NET any -> [95.170.11.5] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.170.11.5/; sid:900606058; rev:1;)
alert tcp $HOME_NET any -> [12.23.113.61] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.23.113.61/; sid:900606059; rev:1;)
alert tcp $HOME_NET any -> [178.156.77.177] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.156.77.177/; sid:900606060; rev:1;)
alert tcp $HOME_NET any -> [185.162.1.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.162.1.250/; sid:900606061; rev:1;)
alert tcp $HOME_NET any -> [184.74.38.22] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.74.38.22/; sid:900606062; rev:1;)
alert tcp $HOME_NET any -> [188.27.238.63] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.27.238.63/; sid:900606063; rev:1;)
alert tcp $HOME_NET any -> [216.251.86.132] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.251.86.132/; sid:900606064; rev:1;)
alert tcp $HOME_NET any -> [71.78.139.154] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.139.154/; sid:900606065; rev:1;)
alert tcp $HOME_NET any -> [71.78.188.14] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.188.14/; sid:900606066; rev:1;)
alert tcp $HOME_NET any -> [71.78.209.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.209.122/; sid:900606067; rev:1;)
alert tcp $HOME_NET any -> [71.78.65.54] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.65.54/; sid:900606068; rev:1;)
alert tcp $HOME_NET any -> [77.241.196.234] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.241.196.234/; sid:900606069; rev:1;)
alert tcp $HOME_NET any -> [85.187.252.141] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.187.252.141/; sid:900606070; rev:1;)
alert tcp $HOME_NET any -> [89.186.8.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.186.8.250/; sid:900606071; rev:1;)
alert tcp $HOME_NET any -> [80.83.172.132] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.83.172.132/; sid:900606072; rev:1;)
alert tcp $HOME_NET any -> [148.235.154.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.235.154.164/; sid:900606073; rev:1;)
alert tcp $HOME_NET any -> [185.81.51.44] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.81.51.44/; sid:900606074; rev:1;)
alert tcp $HOME_NET any -> [190.145.83.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.145.83.98/; sid:900606075; rev:1;)
alert tcp $HOME_NET any -> [38.110.103.19] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.110.103.19/; sid:900606076; rev:1;)
alert tcp $HOME_NET any -> [41.77.185.182] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.77.185.182/; sid:900606080; rev:1;)
alert tcp $HOME_NET any -> [203.176.138.46] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.176.138.46/; sid:900606085; rev:1;)
alert tcp $HOME_NET any -> [181.176.221.243] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.176.221.243/; sid:900606086; rev:1;)
alert tcp $HOME_NET any -> [162.243.237.209] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.243.237.209/; sid:900606087; rev:1;)
alert tcp $HOME_NET any -> [81.0.236.71] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.0.236.71/; sid:900606088; rev:1;)
alert tcp $HOME_NET any -> [178.79.150.86] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.79.150.86/; sid:900606089; rev:1;)
alert tcp $HOME_NET any -> [74.85.157.139] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.85.157.139/; sid:900606091; rev:1;)
alert tcp $HOME_NET any -> [177.10.90.29] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.10.90.29/; sid:900606093; rev:1;)
alert tcp $HOME_NET any -> [45.239.234.2] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.239.234.2/; sid:900606094; rev:1;)
alert tcp $HOME_NET any -> [41.57.156.203] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.57.156.203/; sid:900606095; rev:1;)
alert tcp $HOME_NET any -> [95.111.235.8] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.111.235.8/; sid:900606097; rev:1;)
alert tcp $HOME_NET any -> [103.42.57.18] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.42.57.18/; sid:900606098; rev:1;)
alert tcp $HOME_NET any -> [115.68.220.48] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.68.220.48/; sid:900606099; rev:1;)
alert tcp $HOME_NET any -> [45.201.136.3] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.201.136.3/; sid:900606100; rev:1;)
alert tcp $HOME_NET any -> [14.232.161.45] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.232.161.45/; sid:900606102; rev:1;)
alert tcp $HOME_NET any -> [220.82.64.198] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.82.64.198/; sid:900606103; rev:1;)
alert tcp $HOME_NET any -> [45.239.233.131] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.239.233.131/; sid:900606104; rev:1;)
alert tcp $HOME_NET any -> [196.216.59.174] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.216.59.174/; sid:900606105; rev:1;)
alert tcp $HOME_NET any -> [113.160.132.237] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.160.132.237/; sid:900606106; rev:1;)
alert tcp $HOME_NET any -> [202.165.47.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.165.47.106/; sid:900606107; rev:1;)
alert tcp $HOME_NET any -> [181.114.215.239] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.114.215.239/; sid:900606108; rev:1;)
alert tcp $HOME_NET any -> [105.30.26.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.30.26.50/; sid:900606109; rev:1;)
alert tcp $HOME_NET any -> [222.124.16.74] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.124.16.74/; sid:900606110; rev:1;)
alert tcp $HOME_NET any -> [186.225.119.170] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.225.119.170/; sid:900606113; rev:1;)
alert tcp $HOME_NET any -> [200.236.218.62] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.236.218.62/; sid:900606114; rev:1;)
alert tcp $HOME_NET any -> [49.248.217.170] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.248.217.170/; sid:900606115; rev:1;)
alert tcp $HOME_NET any -> [119.202.8.249] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.202.8.249/; sid:900606116; rev:1;)
alert tcp $HOME_NET any -> [103.122.228.44] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.122.228.44/; sid:900606117; rev:1;)
alert tcp $HOME_NET any -> [143.0.208.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.0.208.20/; sid:900606118; rev:1;)
alert tcp $HOME_NET any -> [38.110.100.104] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.110.100.104/; sid:900606122; rev:1;)
alert tcp $HOME_NET any -> [45.36.99.184] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.36.99.184/; sid:900606124; rev:1;)
alert tcp $HOME_NET any -> [24.162.214.166] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.162.214.166/; sid:900606127; rev:1;)
alert tcp $HOME_NET any -> [184.74.99.214] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.74.99.214/; sid:900606128; rev:1;)
alert tcp $HOME_NET any -> [62.99.76.213] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.99.76.213/; sid:900606129; rev:1;)
alert tcp $HOME_NET any -> [38.110.100.33] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.110.100.33/; sid:900606131; rev:1;)
alert tcp $HOME_NET any -> [170.238.117.187] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.238.117.187/; sid:900606132; rev:1;)
alert tcp $HOME_NET any -> [5.34.74.210] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.74.210/; sid:900606134; rev:1;)
alert tcp $HOME_NET any -> [31.207.89.74] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.207.89.74/; sid:900606135; rev:1;)
alert tcp $HOME_NET any -> [167.172.119.42] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.172.119.42/; sid:900606136; rev:1;)
alert tcp $HOME_NET any -> [50.116.23.195] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.23.195/; sid:900606137; rev:1;)
alert tcp $HOME_NET any -> [66.62.113.113] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.62.113.113/; sid:900606140; rev:1;)
alert tcp $HOME_NET any -> [190.197.55.254] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.197.55.254/; sid:900606141; rev:1;)
alert tcp $HOME_NET any -> [190.61.43.241] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.61.43.241/; sid:900606144; rev:1;)
alert tcp $HOME_NET any -> [201.55.206.238] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.55.206.238/; sid:900606146; rev:1;)
alert tcp $HOME_NET any -> [85.87.148.200] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.87.148.200/; sid:900606147; rev:1;)
alert tcp $HOME_NET any -> [190.144.10.242] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.144.10.242/; sid:900606150; rev:1;)
alert tcp $HOME_NET any -> [142.4.219.173] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.4.219.173/; sid:900606151; rev:1;)
alert tcp $HOME_NET any -> [104.168.155.129] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.155.129/; sid:900606152; rev:1;)
alert tcp $HOME_NET any -> [176.31.117.84] 9443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.31.117.84/; sid:900606155; rev:1;)
alert tcp $HOME_NET any -> [85.187.234.15] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.187.234.15/; sid:900606156; rev:1;)
alert tcp $HOME_NET any -> [204.138.26.220] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.138.26.220/; sid:900606157; rev:1;)
alert tcp $HOME_NET any -> [182.253.106.35] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.253.106.35/; sid:900606160; rev:1;)
alert tcp $HOME_NET any -> [213.159.208.145] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.159.208.145/; sid:900606162; rev:1;)
alert tcp $HOME_NET any -> [172.105.110.194] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.110.194/; sid:900606163; rev:1;)
alert tcp $HOME_NET any -> [51.75.77.27] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.77.27/; sid:900606164; rev:1;)
alert tcp $HOME_NET any -> [138.197.133.25] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.133.25/; sid:900606165; rev:1;)
alert tcp $HOME_NET any -> [178.79.147.66] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.79.147.66/; sid:900606167; rev:1;)
alert tcp $HOME_NET any -> [87.106.97.83] 7880 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.97.83/; sid:900606168; rev:1;)
alert tcp $HOME_NET any -> [54.191.98.150] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.191.98.150/; sid:900606169; rev:1;)
alert tcp $HOME_NET any -> [209.44.106.71] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.44.106.71/; sid:900606170; rev:1;)
alert tcp $HOME_NET any -> [54.37.106.167] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.106.167/; sid:900606171; rev:1;)
alert tcp $HOME_NET any -> [207.58.132.19] 9443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.58.132.19/; sid:900606172; rev:1;)
alert tcp $HOME_NET any -> [107.170.211.239] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.170.211.239/; sid:900606173; rev:1;)
alert tcp $HOME_NET any -> [150.95.20.209] 3978 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.95.20.209/; sid:900606174; rev:1;)
alert tcp $HOME_NET any -> [164.68.126.207] 23399 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.126.207/; sid:900606175; rev:1;)
alert tcp $HOME_NET any -> [37.59.103.148] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.59.103.148/; sid:900606178; rev:1;)
alert tcp $HOME_NET any -> [43.229.206.214] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.229.206.214/; sid:900606179; rev:1;)
alert tcp $HOME_NET any -> [79.143.186.143] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.143.186.143/; sid:900606180; rev:1;)
alert tcp $HOME_NET any -> [195.9.84.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.9.84.106/; sid:900606181; rev:1;)
alert tcp $HOME_NET any -> [104.168.155.113] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.155.113/; sid:900606182; rev:1;)
alert tcp $HOME_NET any -> [107.170.64.97] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.170.64.97/; sid:900606184; rev:1;)
alert tcp $HOME_NET any -> [212.227.94.31] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.227.94.31/; sid:900606185; rev:1;)
alert tcp $HOME_NET any -> [66.175.217.172] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.175.217.172/; sid:900606190; rev:1;)
alert tcp $HOME_NET any -> [202.29.60.34] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.29.60.34/; sid:900606191; rev:1;)
alert tcp $HOME_NET any -> [78.46.78.42] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.46.78.42/; sid:900606192; rev:1;)
alert tcp $HOME_NET any -> [46.36.221.177] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.36.221.177/; sid:900606193; rev:1;)
alert tcp $HOME_NET any -> [194.135.33.220] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.135.33.220/; sid:900606195; rev:1;)
alert tcp $HOME_NET any -> [5.181.80.128] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.181.80.128/; sid:900606197; rev:1;)
alert tcp $HOME_NET any -> [194.15.113.73] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.15.113.73/; sid:900606198; rev:1;)
alert tcp $HOME_NET any -> [45.86.65.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.86.65.164/; sid:900606199; rev:1;)
alert tcp $HOME_NET any -> [104.245.146.203] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.245.146.203/; sid:900606201; rev:1;)
alert tcp $HOME_NET any -> [79.172.201.113] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.172.201.113/; sid:900606202; rev:1;)
alert tcp $HOME_NET any -> [114.207.112.77] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.207.112.77/; sid:900606203; rev:1;)
alert tcp $HOME_NET any -> [178.132.7.117] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.132.7.117/; sid:900606204; rev:1;)
alert tcp $HOME_NET any -> [192.119.110.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.110.250/; sid:900606205; rev:1;)
alert tcp $HOME_NET any -> [195.123.222.44] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.222.44/; sid:900606206; rev:1;)
alert tcp $HOME_NET any -> [151.236.30.38] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.236.30.38/; sid:900606207; rev:1;)
alert tcp $HOME_NET any -> [172.83.155.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.83.155.212/; sid:900606208; rev:1;)
alert tcp $HOME_NET any -> [185.99.133.118] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.133.118/; sid:900606209; rev:1;)
alert tcp $HOME_NET any -> [45.86.74.32] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.86.74.32/; sid:900606210; rev:1;)
alert tcp $HOME_NET any -> [45.142.158.199] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.142.158.199/; sid:900606211; rev:1;)
alert tcp $HOME_NET any -> [103.208.86.3] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.208.86.3/; sid:900606212; rev:1;)
alert tcp $HOME_NET any -> [81.0.236.93] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.0.236.93/; sid:900606214; rev:1;)
alert tcp $HOME_NET any -> [178.238.236.59] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.238.236.59/; sid:900606215; rev:1;)
alert tcp $HOME_NET any -> [104.245.52.73] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.245.52.73/; sid:900606216; rev:1;)
alert tcp $HOME_NET any -> [109.104.92.237] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.104.92.237/; sid:900606217; rev:1;)
alert tcp $HOME_NET any -> [162.243.96.221] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.243.96.221/; sid:900606218; rev:1;)
alert tcp $HOME_NET any -> [178.33.158.180] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.33.158.180/; sid:900606223; rev:1;)
alert tcp $HOME_NET any -> [109.74.50.71] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.74.50.71/; sid:900606224; rev:1;)
alert tcp $HOME_NET any -> [177.185.32.10] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.185.32.10/; sid:900606225; rev:1;)
alert tcp $HOME_NET any -> [68.183.216.174] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.216.174/; sid:900606228; rev:1;)
alert tcp $HOME_NET any -> [139.162.202.74] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.202.74/; sid:900606229; rev:1;)
alert tcp $HOME_NET any -> [45.79.33.48] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.33.48/; sid:900606230; rev:1;)
alert tcp $HOME_NET any -> [104.248.178.90] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.248.178.90/; sid:900606231; rev:1;)
alert tcp $HOME_NET any -> [46.55.222.10] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.55.222.10/; sid:900606232; rev:1;)
alert tcp $HOME_NET any -> [173.212.243.155] 7002 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.212.243.155/; sid:900606233; rev:1;)
alert tcp $HOME_NET any -> [177.75.5.222] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.75.5.222/; sid:900606234; rev:1;)
alert tcp $HOME_NET any -> [105.27.205.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.27.205.34/; sid:900606235; rev:1;)
alert tcp $HOME_NET any -> [5.152.175.57] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.152.175.57/; sid:900606236; rev:1;)
alert tcp $HOME_NET any -> [185.227.170.13] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.227.170.13/; sid:900606237; rev:1;)
alert tcp $HOME_NET any -> [38.110.100.16] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.110.100.16/; sid:900606238; rev:1;)
alert tcp $HOME_NET any -> [45.230.176.157] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.230.176.157/; sid:900606239; rev:1;)
alert tcp $HOME_NET any -> [46.99.175.185] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.99.175.185/; sid:900606240; rev:1;)
alert tcp $HOME_NET any -> [63.147.234.198] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.147.234.198/; sid:900606241; rev:1;)
alert tcp $HOME_NET any -> [82.130.201.18] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.130.201.18/; sid:900606242; rev:1;)
alert tcp $HOME_NET any -> [181.129.167.82] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.167.82/; sid:900606243; rev:1;)
alert tcp $HOME_NET any -> [62.99.79.77] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.99.79.77/; sid:900606244; rev:1;)
alert tcp $HOME_NET any -> [128.201.76.252] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.201.76.252/; sid:900606245; rev:1;)
alert tcp $HOME_NET any -> [221.147.172.5] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.147.172.5/; sid:900606246; rev:1;)
alert tcp $HOME_NET any -> [50.21.169.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.21.169.122/; sid:900606248; rev:1;)
alert tcp $HOME_NET any -> [216.166.148.48] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.166.148.48/; sid:900606249; rev:1;)
alert tcp $HOME_NET any -> [213.155.173.21] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.155.173.21/; sid:900606250; rev:1;)
alert tcp $HOME_NET any -> [82.139.146.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.139.146.190/; sid:900606251; rev:1;)
alert tcp $HOME_NET any -> [82.114.68.218] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.114.68.218/; sid:900606252; rev:1;)
alert tcp $HOME_NET any -> [202.5.56.40] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.5.56.40/; sid:900606253; rev:1;)
alert tcp $HOME_NET any -> [188.74.32.54] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.74.32.54/; sid:900606254; rev:1;)
alert tcp $HOME_NET any -> [183.105.49.9] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.105.49.9/; sid:900606255; rev:1;)
alert tcp $HOME_NET any -> [115.88.53.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.88.53.164/; sid:900606256; rev:1;)
alert tcp $HOME_NET any -> [24.242.237.172] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.242.237.172/; sid:900606257; rev:1;)
alert tcp $HOME_NET any -> [177.67.203.124] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.67.203.124/; sid:900606258; rev:1;)
alert tcp $HOME_NET any -> [177.87.57.93] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.87.57.93/; sid:900606259; rev:1;)
alert tcp $HOME_NET any -> [196.216.220.211] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.216.220.211/; sid:900606260; rev:1;)
alert tcp $HOME_NET any -> [36.67.97.127] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.67.97.127/; sid:900606261; rev:1;)
alert tcp $HOME_NET any -> [103.238.203.82] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.238.203.82/; sid:900606263; rev:1;)
alert tcp $HOME_NET any -> [177.52.173.20] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.52.173.20/; sid:900606266; rev:1;)
alert tcp $HOME_NET any -> [166.62.103.55] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/166.62.103.55/; sid:900606267; rev:1;)
alert tcp $HOME_NET any -> [103.140.207.110] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.140.207.110/; sid:900606268; rev:1;)
alert tcp $HOME_NET any -> [197.156.129.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.156.129.250/; sid:900606269; rev:1;)
alert tcp $HOME_NET any -> [116.203.25.236] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.203.25.236/; sid:900606270; rev:1;)
alert tcp $HOME_NET any -> [103.109.247.13] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.109.247.13/; sid:900606271; rev:1;)
alert tcp $HOME_NET any -> [103.253.107.156] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.253.107.156/; sid:900606272; rev:1;)
alert tcp $HOME_NET any -> [36.89.98.183] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.98.183/; sid:900606273; rev:1;)
alert tcp $HOME_NET any -> [88.87.15.96] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.87.15.96/; sid:900606274; rev:1;)
alert tcp $HOME_NET any -> [45.239.233.109] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.239.233.109/; sid:900606275; rev:1;)
alert tcp $HOME_NET any -> [106.243.129.116] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.243.129.116/; sid:900606276; rev:1;)
alert tcp $HOME_NET any -> [59.4.68.75] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.4.68.75/; sid:900606277; rev:1;)
alert tcp $HOME_NET any -> [185.164.32.148] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.148/; sid:900606278; rev:1;)
alert tcp $HOME_NET any -> [46.99.175.149] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.99.175.149/; sid:900606279; rev:1;)
alert tcp $HOME_NET any -> [46.99.175.217] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.99.175.217/; sid:900606280; rev:1;)
alert tcp $HOME_NET any -> [46.99.188.223] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.99.188.223/; sid:900606281; rev:1;)
alert tcp $HOME_NET any -> [185.56.175.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.56.175.122/; sid:900606282; rev:1;)
alert tcp $HOME_NET any -> [179.189.229.254] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.189.229.254/; sid:900606283; rev:1;)
alert tcp $HOME_NET any -> [65.152.201.203] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.152.201.203/; sid:900606284; rev:1;)
alert tcp $HOME_NET any -> [216.166.148.187] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.166.148.187/; sid:900606285; rev:1;)
alert tcp $HOME_NET any -> [182.253.210.130] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.253.210.130/; sid:900606286; rev:1;)
alert tcp $HOME_NET any -> [186.235.48.8] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.235.48.8/; sid:900606289; rev:1;)
alert tcp $HOME_NET any -> [113.160.37.196] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.160.37.196/; sid:900606290; rev:1;)
alert tcp $HOME_NET any -> [137.74.112.43] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.74.112.43/; sid:900606291; rev:1;)
alert tcp $HOME_NET any -> [216.108.227.55] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.108.227.55/; sid:900606292; rev:1;)
alert tcp $HOME_NET any -> [94.177.176.51] 5723 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.176.51/; sid:900606293; rev:1;)
alert tcp $HOME_NET any -> [24.28.12.23] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.28.12.23/; sid:900606294; rev:1;)
alert tcp $HOME_NET any -> [139.59.124.65] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.124.65/; sid:900606295; rev:1;)
alert tcp $HOME_NET any -> [138.121.91.136] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.121.91.136/; sid:900606296; rev:1;)
alert tcp $HOME_NET any -> [103.253.107.155] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.253.107.155/; sid:900606297; rev:1;)
alert tcp $HOME_NET any -> [147.91.31.1] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.91.31.1/; sid:900606300; rev:1;)
alert tcp $HOME_NET any -> [176.9.89.122] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.9.89.122/; sid:900606301; rev:1;)
alert tcp $HOME_NET any -> [158.106.98.110] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.106.98.110/; sid:900606303; rev:1;)
alert tcp $HOME_NET any -> [149.210.181.82] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.210.181.82/; sid:900606304; rev:1;)
alert tcp $HOME_NET any -> [178.33.13.40] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.33.13.40/; sid:900606305; rev:1;)
alert tcp $HOME_NET any -> [36.66.188.251] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.66.188.251/; sid:900606306; rev:1;)
alert tcp $HOME_NET any -> [103.30.247.115] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.30.247.115/; sid:900606308; rev:1;)
alert tcp $HOME_NET any -> [190.93.208.53] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.93.208.53/; sid:900606309; rev:1;)
alert tcp $HOME_NET any -> [38.110.100.64] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.110.100.64/; sid:900606310; rev:1;)
alert tcp $HOME_NET any -> [38.110.100.219] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.110.100.219/; sid:900606311; rev:1;)
alert tcp $HOME_NET any -> [96.9.77.56] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.9.77.56/; sid:900606312; rev:1;)
alert tcp $HOME_NET any -> [103.75.201.2] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.75.201.2/; sid:900606313; rev:1;)
alert tcp $HOME_NET any -> [165.22.28.242] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.22.28.242/; sid:900606314; rev:1;)
alert tcp $HOME_NET any -> [118.42.135.173] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.42.135.173/; sid:900606315; rev:1;)
alert tcp $HOME_NET any -> [79.106.115.107] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.106.115.107/; sid:900606316; rev:1;)
alert tcp $HOME_NET any -> [103.248.217.234] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.248.217.234/; sid:900606317; rev:1;)
alert tcp $HOME_NET any -> [43.252.158.104] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.252.158.104/; sid:900606321; rev:1;)
alert tcp $HOME_NET any -> [75.176.235.182] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.176.235.182/; sid:900606322; rev:1;)
alert tcp $HOME_NET any -> [125.234.128.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.234.128.250/; sid:900606324; rev:1;)
alert tcp $HOME_NET any -> [87.98.128.76] 5723 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.98.128.76/; sid:900606325; rev:1;)
alert tcp $HOME_NET any -> [80.241.218.90] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.241.218.90/; sid:900606326; rev:1;)
alert tcp $HOME_NET any -> [103.161.172.109] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.161.172.109/; sid:900606327; rev:1;)
alert tcp $HOME_NET any -> [45.181.207.7] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.181.207.7/; sid:900606329; rev:1;)
alert tcp $HOME_NET any -> [78.111.121.2] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.111.121.2/; sid:900606330; rev:1;)
alert tcp $HOME_NET any -> [103.148.201.66] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.148.201.66/; sid:900606332; rev:1;)
alert tcp $HOME_NET any -> [45.181.206.8] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.181.206.8/; sid:900606333; rev:1;)
alert tcp $HOME_NET any -> [103.36.50.251] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.36.50.251/; sid:900606336; rev:1;)
alert tcp $HOME_NET any -> [103.73.224.46] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.73.224.46/; sid:900606337; rev:1;)
alert tcp $HOME_NET any -> [116.212.132.197] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.212.132.197/; sid:900606338; rev:1;)
alert tcp $HOME_NET any -> [168.205.192.71] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.205.192.71/; sid:900606339; rev:1;)
alert tcp $HOME_NET any -> [186.101.84.222] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.101.84.222/; sid:900606340; rev:1;)
alert tcp $HOME_NET any -> [201.174.75.107] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.174.75.107/; sid:900606341; rev:1;)
alert tcp $HOME_NET any -> [201.174.52.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.174.52.20/; sid:900606342; rev:1;)
alert tcp $HOME_NET any -> [45.7.132.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.7.132.229/; sid:900606344; rev:1;)
alert tcp $HOME_NET any -> [45.40.132.219] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.40.132.219/; sid:900606345; rev:1;)
alert tcp $HOME_NET any -> [190.183.237.119] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.183.237.119/; sid:900606346; rev:1;)
alert tcp $HOME_NET any -> [103.253.107.198] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.253.107.198/; sid:900606347; rev:1;)
alert tcp $HOME_NET any -> [172.104.58.76] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.104.58.76/; sid:900606349; rev:1;)
alert tcp $HOME_NET any -> [204.174.223.210] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.174.223.210/; sid:900606350; rev:1;)
alert tcp $HOME_NET any -> [51.91.105.97] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.91.105.97/; sid:900606351; rev:1;)
alert tcp $HOME_NET any -> [134.209.182.12] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.182.12/; sid:900606352; rev:1;)
alert tcp $HOME_NET any -> [188.40.100.254] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.40.100.254/; sid:900606353; rev:1;)
alert tcp $HOME_NET any -> [103.109.247.9] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.109.247.9/; sid:900606354; rev:1;)
alert tcp $HOME_NET any -> [163.172.217.74] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.172.217.74/; sid:900606360; rev:1;)
alert tcp $HOME_NET any -> [74.63.218.139] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.63.218.139/; sid:900606361; rev:1;)
alert tcp $HOME_NET any -> [142.11.214.93] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.11.214.93/; sid:900606362; rev:1;)
alert tcp $HOME_NET any -> [148.251.238.52] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.251.238.52/; sid:900606364; rev:1;)
alert tcp $HOME_NET any -> [209.216.243.2] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.216.243.2/; sid:900606365; rev:1;)
alert tcp $HOME_NET any -> [103.30.247.116] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.30.247.116/; sid:900606366; rev:1;)
alert tcp $HOME_NET any -> [50.116.62.25] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.62.25/; sid:900606367; rev:1;)
alert tcp $HOME_NET any -> [185.143.48.16] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.143.48.16/; sid:900606368; rev:1;)
alert tcp $HOME_NET any -> [119.18.149.168] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.18.149.168/; sid:900606371; rev:1;)
alert tcp $HOME_NET any -> [163.53.80.223] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.53.80.223/; sid:900606372; rev:1;)
alert tcp $HOME_NET any -> [175.29.173.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.29.173.58/; sid:900606373; rev:1;)
alert tcp $HOME_NET any -> [14.163.55.123] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.163.55.123/; sid:900606374; rev:1;)
alert tcp $HOME_NET any -> [177.21.100.121] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.21.100.121/; sid:900606375; rev:1;)
alert tcp $HOME_NET any -> [200.125.170.226] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.170.226/; sid:900606376; rev:1;)
alert tcp $HOME_NET any -> [200.125.170.227] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.170.227/; sid:900606377; rev:1;)
alert tcp $HOME_NET any -> [200.121.194.2] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.121.194.2/; sid:900606378; rev:1;)
alert tcp $HOME_NET any -> [200.125.170.228] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.170.228/; sid:900606379; rev:1;)
alert tcp $HOME_NET any -> [200.125.170.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.170.229/; sid:900606380; rev:1;)
alert tcp $HOME_NET any -> [200.125.170.230] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.170.230/; sid:900606381; rev:1;)
alert tcp $HOME_NET any -> [167.99.61.111] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.99.61.111/; sid:900606385; rev:1;)
alert tcp $HOME_NET any -> [195.234.101.236] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.234.101.236/; sid:900606386; rev:1;)
alert tcp $HOME_NET any -> [209.89.76.47] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.89.76.47/; sid:900606387; rev:1;)
alert tcp $HOME_NET any -> [51.79.50.122] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.79.50.122/; sid:900606389; rev:1;)
alert tcp $HOME_NET any -> [138.201.222.158] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.201.222.158/; sid:900606390; rev:1;)
alert tcp $HOME_NET any -> [222.124.142.67] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.124.142.67/; sid:900606391; rev:1;)
alert tcp $HOME_NET any -> [217.18.75.120] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.18.75.120/; sid:900606393; rev:1;)
alert tcp $HOME_NET any -> [185.82.144.173] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.82.144.173/; sid:900606394; rev:1;)
alert tcp $HOME_NET any -> [185.86.151.208] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.86.151.208/; sid:900606395; rev:1;)
alert tcp $HOME_NET any -> [54.39.98.141] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.39.98.141/; sid:900606397; rev:1;)
alert tcp $HOME_NET any -> [103.82.248.59] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.82.248.59/; sid:900606398; rev:1;)
alert tcp $HOME_NET any -> [103.109.247.8] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.109.247.8/; sid:900606399; rev:1;)
alert tcp $HOME_NET any -> [5.135.167.231] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.135.167.231/; sid:900606402; rev:1;)
alert tcp $HOME_NET any -> [212.53.160.143] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.53.160.143/; sid:900606403; rev:1;)
alert tcp $HOME_NET any -> [51.75.162.188] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.162.188/; sid:900606407; rev:1;)
alert tcp $HOME_NET any -> [192.99.150.39] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.99.150.39/; sid:900606412; rev:1;)
alert tcp $HOME_NET any -> [46.101.182.168] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.182.168/; sid:900606413; rev:1;)
alert tcp $HOME_NET any -> [216.120.236.127] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.120.236.127/; sid:900606414; rev:1;)
alert tcp $HOME_NET any -> [103.56.207.249] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.56.207.249/; sid:900606416; rev:1;)
alert tcp $HOME_NET any -> [180.250.217.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.250.217.98/; sid:900606417; rev:1;)
alert tcp $HOME_NET any -> [185.42.224.119] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.42.224.119/; sid:900606420; rev:1;)
alert tcp $HOME_NET any -> [37.235.25.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.235.25.106/; sid:900606421; rev:1;)
alert tcp $HOME_NET any -> [190.0.2.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.0.2.98/; sid:900606422; rev:1;)
alert tcp $HOME_NET any -> [200.58.180.138] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.58.180.138/; sid:900606423; rev:1;)
alert tcp $HOME_NET any -> [77.46.134.84] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.46.134.84/; sid:900606424; rev:1;)
alert tcp $HOME_NET any -> [213.136.86.165] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.136.86.165/; sid:900606426; rev:1;)
alert tcp $HOME_NET any -> [45.33.33.91] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.33.91/; sid:900606427; rev:1;)
alert tcp $HOME_NET any -> [193.25.100.114] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.25.100.114/; sid:900606430; rev:1;)
alert tcp $HOME_NET any -> [97.107.134.115] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.107.134.115/; sid:900606431; rev:1;)
alert tcp $HOME_NET any -> [103.253.107.153] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.253.107.153/; sid:900606432; rev:1;)
alert tcp $HOME_NET any -> [146.196.122.10] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.196.122.10/; sid:900606434; rev:1;)
alert tcp $HOME_NET any -> [103.87.173.60] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.87.173.60/; sid:900606435; rev:1;)
alert tcp $HOME_NET any -> [45.32.243.209] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.32.243.209/; sid:900606436; rev:1;)
alert tcp $HOME_NET any -> [207.180.208.54] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.180.208.54/; sid:900606437; rev:1;)
alert tcp $HOME_NET any -> [103.225.205.145] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.225.205.145/; sid:900606440; rev:1;)
alert tcp $HOME_NET any -> [103.253.208.95] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.253.208.95/; sid:900606441; rev:1;)
alert tcp $HOME_NET any -> [103.89.254.209] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.89.254.209/; sid:900606442; rev:1;)
alert tcp $HOME_NET any -> [117.222.61.236] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.222.61.236/; sid:900606443; rev:1;)
alert tcp $HOME_NET any -> [117.252.68.248] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.252.68.248/; sid:900606444; rev:1;)
alert tcp $HOME_NET any -> [117.252.20.222] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.252.20.222/; sid:900606445; rev:1;)
alert tcp $HOME_NET any -> [117.254.63.4] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.254.63.4/; sid:900606446; rev:1;)
alert tcp $HOME_NET any -> [117.222.62.101] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.222.62.101/; sid:900606447; rev:1;)
alert tcp $HOME_NET any -> [122.186.45.203] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.186.45.203/; sid:900606448; rev:1;)
alert tcp $HOME_NET any -> [103.43.4.82] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.43.4.82/; sid:900606449; rev:1;)
alert tcp $HOME_NET any -> [146.196.122.153] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.196.122.153/; sid:900606450; rev:1;)
alert tcp $HOME_NET any -> [146.196.122.157] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.196.122.157/; sid:900606451; rev:1;)
alert tcp $HOME_NET any -> [14.102.25.100] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.102.25.100/; sid:900606452; rev:1;)
alert tcp $HOME_NET any -> [194.190.18.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.190.18.122/; sid:900606453; rev:1;)
alert tcp $HOME_NET any -> [186.4.193.75] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.193.75/; sid:900606454; rev:1;)
alert tcp $HOME_NET any -> [103.92.200.13] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.92.200.13/; sid:900606456; rev:1;)
alert tcp $HOME_NET any -> [45.80.173.80] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.80.173.80/; sid:900606457; rev:1;)
alert tcp $HOME_NET any -> [207.154.208.93] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.154.208.93/; sid:900606458; rev:1;)
alert tcp $HOME_NET any -> [204.107.218.39] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.107.218.39/; sid:900606462; rev:1;)
alert tcp $HOME_NET any -> [78.139.22.184] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.139.22.184/; sid:900606463; rev:1;)
alert tcp $HOME_NET any -> [5.199.162.48] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.199.162.48/; sid:900606466; rev:1;)
alert tcp $HOME_NET any -> [194.1.193.11] 8443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.1.193.11/; sid:900606467; rev:1;)
alert tcp $HOME_NET any -> [119.59.105.131] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.59.105.131/; sid:900606468; rev:1;)
alert tcp $HOME_NET any -> [201.148.20.37] 5412 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.148.20.37/; sid:900606469; rev:1;)
alert tcp $HOME_NET any -> [103.121.123.61] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.121.123.61/; sid:900606470; rev:1;)
alert tcp $HOME_NET any -> [45.55.180.84] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.180.84/; sid:900606472; rev:1;)
alert tcp $HOME_NET any -> [128.199.206.91] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.206.91/; sid:900606473; rev:1;)
alert tcp $HOME_NET any -> [92.247.29.75] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.247.29.75/; sid:900606481; rev:1;)
alert tcp $HOME_NET any -> [104.152.111.198] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.152.111.198/; sid:900606482; rev:1;)
alert tcp $HOME_NET any -> [124.158.165.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.158.165.190/; sid:900606483; rev:1;)
alert tcp $HOME_NET any -> [36.94.167.167] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.167.167/; sid:900606484; rev:1;)
alert tcp $HOME_NET any -> [114.79.130.68] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.130.68/; sid:900606485; rev:1;)
alert tcp $HOME_NET any -> [106.0.51.2] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.0.51.2/; sid:900606486; rev:1;)
alert tcp $HOME_NET any -> [103.111.55.46] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.111.55.46/; sid:900606487; rev:1;)
alert tcp $HOME_NET any -> [167.71.232.57] 9217 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.71.232.57/; sid:900606488; rev:1;)
alert tcp $HOME_NET any -> [45.76.176.10] 5723 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.176.10/; sid:900606489; rev:1;)
alert tcp $HOME_NET any -> [103.233.25.228] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.233.25.228/; sid:900606490; rev:1;)
alert tcp $HOME_NET any -> [176.100.4.31] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.100.4.31/; sid:900606491; rev:1;)
alert tcp $HOME_NET any -> [165.73.90.187] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.73.90.187/; sid:900606492; rev:1;)
alert tcp $HOME_NET any -> [122.117.90.133] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.117.90.133/; sid:900606493; rev:1;)
alert tcp $HOME_NET any -> [103.113.105.126] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.113.105.126/; sid:900606494; rev:1;)
alert tcp $HOME_NET any -> [139.255.199.196] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.199.196/; sid:900606495; rev:1;)
alert tcp $HOME_NET any -> [157.119.215.186] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.119.215.186/; sid:900606496; rev:1;)
alert tcp $HOME_NET any -> [103.75.32.38] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.75.32.38/; sid:900606497; rev:1;)
alert tcp $HOME_NET any -> [103.94.0.178] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.94.0.178/; sid:900606498; rev:1;)
alert tcp $HOME_NET any -> [103.127.67.38] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.127.67.38/; sid:900606499; rev:1;)
alert tcp $HOME_NET any -> [103.122.108.44] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.122.108.44/; sid:900606500; rev:1;)
alert tcp $HOME_NET any -> [36.95.110.19] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.95.110.19/; sid:900606501; rev:1;)
alert tcp $HOME_NET any -> [36.91.36.29] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.91.36.29/; sid:900606502; rev:1;)
alert tcp $HOME_NET any -> [36.37.99.242] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.37.99.242/; sid:900606503; rev:1;)
alert tcp $HOME_NET any -> [14.102.15.100] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.102.15.100/; sid:900606504; rev:1;)
alert tcp $HOME_NET any -> [14.102.15.101] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.102.15.101/; sid:900606505; rev:1;)
alert tcp $HOME_NET any -> [206.225.86.233] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.225.86.233/; sid:900606507; rev:1;)
alert tcp $HOME_NET any -> [128.199.232.159] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.232.159/; sid:900606508; rev:1;)
alert tcp $HOME_NET any -> [45.76.117.129] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.117.129/; sid:900606509; rev:1;)
alert tcp $HOME_NET any -> [5.199.174.90] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.199.174.90/; sid:900606512; rev:1;)
alert tcp $HOME_NET any -> [194.141.47.9] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.141.47.9/; sid:900606513; rev:1;)
alert tcp $HOME_NET any -> [159.65.3.147] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.3.147/; sid:900606514; rev:1;)
alert tcp $HOME_NET any -> [54.37.84.240] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.84.240/; sid:900606515; rev:1;)
alert tcp $HOME_NET any -> [212.39.115.102] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.39.115.102/; sid:900606516; rev:1;)
alert tcp $HOME_NET any -> [156.67.220.186] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.67.220.186/; sid:900606517; rev:1;)
alert tcp $HOME_NET any -> [169.255.57.61] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.255.57.61/; sid:900606519; rev:1;)
alert tcp $HOME_NET any -> [128.199.192.135] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.192.135/; sid:900606520; rev:1;)
alert tcp $HOME_NET any -> [103.58.102.177] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.58.102.177/; sid:900606521; rev:1;)
alert tcp $HOME_NET any -> [103.145.213.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.145.213.106/; sid:900606522; rev:1;)
alert tcp $HOME_NET any -> [103.140.206.94] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.140.206.94/; sid:900606523; rev:1;)
alert tcp $HOME_NET any -> [103.78.141.26] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.78.141.26/; sid:900606524; rev:1;)
alert tcp $HOME_NET any -> [116.50.27.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.50.27.50/; sid:900606525; rev:1;)
alert tcp $HOME_NET any -> [103.144.168.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.144.168.162/; sid:900606526; rev:1;)
alert tcp $HOME_NET any -> [148.251.190.18] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.251.190.18/; sid:900606530; rev:1;)
alert tcp $HOME_NET any -> [202.157.177.65] 5412 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.157.177.65/; sid:900606531; rev:1;)
alert tcp $HOME_NET any -> [31.173.137.39] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.173.137.39/; sid:900606533; rev:1;)
alert tcp $HOME_NET any -> [115.85.78.118] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.85.78.118/; sid:900606535; rev:1;)
alert tcp $HOME_NET any -> [31.173.137.47] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.173.137.47/; sid:900606536; rev:1;)
alert tcp $HOME_NET any -> [37.57.82.112] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.57.82.112/; sid:900606537; rev:1;)
alert tcp $HOME_NET any -> [195.138.66.209] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.138.66.209/; sid:900606538; rev:1;)
alert tcp $HOME_NET any -> [98.0.159.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.0.159.122/; sid:900606539; rev:1;)
alert tcp $HOME_NET any -> [175.184.232.234] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.184.232.234/; sid:900606540; rev:1;)
alert tcp $HOME_NET any -> [139.255.41.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.41.122/; sid:900606541; rev:1;)
alert tcp $HOME_NET any -> [202.179.185.203] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.179.185.203/; sid:900606542; rev:1;)
alert tcp $HOME_NET any -> [31.173.137.49] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.173.137.49/; sid:900606543; rev:1;)
alert tcp $HOME_NET any -> [36.89.228.201] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.228.201/; sid:900606544; rev:1;)
alert tcp $HOME_NET any -> [36.67.109.15] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.67.109.15/; sid:900606545; rev:1;)
alert tcp $HOME_NET any -> [178.159.126.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.159.126.34/; sid:900606546; rev:1;)
alert tcp $HOME_NET any -> [43.252.159.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.252.159.190/; sid:900606549; rev:1;)
alert tcp $HOME_NET any -> [124.41.211.17] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.41.211.17/; sid:900606551; rev:1;)
alert tcp $HOME_NET any -> [103.52.135.61] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.52.135.61/; sid:900606552; rev:1;)
alert tcp $HOME_NET any -> [36.92.59.93] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.92.59.93/; sid:900606554; rev:1;)
alert tcp $HOME_NET any -> [31.31.75.77] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.31.75.77/; sid:900606564; rev:1;)
alert tcp $HOME_NET any -> [80.211.40.191] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.211.40.191/; sid:900606565; rev:1;)
alert tcp $HOME_NET any -> [207.154.252.203] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.154.252.203/; sid:900606569; rev:1;)
alert tcp $HOME_NET any -> [138.197.109.175] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.109.175/; sid:900606570; rev:1;)
alert tcp $HOME_NET any -> [45.33.20.41] 9217 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.20.41/; sid:900606571; rev:1;)
alert tcp $HOME_NET any -> [85.254.196.150] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.254.196.150/; sid:900606573; rev:1;)
alert tcp $HOME_NET any -> [185.30.32.51] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.30.32.51/; sid:900606575; rev:1;)
alert tcp $HOME_NET any -> [185.250.148.74] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.250.148.74/; sid:900606576; rev:1;)
alert tcp $HOME_NET any -> [81.241.252.59] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.241.252.59/; sid:900606577; rev:1;)
alert tcp $HOME_NET any -> [81.250.153.227] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.250.153.227/; sid:900606578; rev:1;)
alert tcp $HOME_NET any -> [89.101.97.139] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.101.97.139/; sid:900606579; rev:1;)
alert tcp $HOME_NET any -> [95.77.223.148] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.77.223.148/; sid:900606580; rev:1;)
alert tcp $HOME_NET any -> [47.22.148.6] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.22.148.6/; sid:900606581; rev:1;)
alert tcp $HOME_NET any -> [199.27.127.129] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.27.127.129/; sid:900606582; rev:1;)
alert tcp $HOME_NET any -> [105.198.236.99] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.198.236.99/; sid:900606583; rev:1;)
alert tcp $HOME_NET any -> [216.201.162.158] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.201.162.158/; sid:900606584; rev:1;)
alert tcp $HOME_NET any -> [37.210.152.224] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.152.224/; sid:900606585; rev:1;)
alert tcp $HOME_NET any -> [136.232.34.70] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.232.34.70/; sid:900606586; rev:1;)
alert tcp $HOME_NET any -> [181.118.183.94] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.94/; sid:900606587; rev:1;)
alert tcp $HOME_NET any -> [120.151.47.189] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.151.47.189/; sid:900606588; rev:1;)
alert tcp $HOME_NET any -> [120.150.218.241] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.218.241/; sid:900606589; rev:1;)
alert tcp $HOME_NET any -> [41.228.22.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.228.22.180/; sid:900606590; rev:1;)
alert tcp $HOME_NET any -> [122.11.220.212] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.11.220.212/; sid:900606591; rev:1;)
alert tcp $HOME_NET any -> [177.130.82.197] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.130.82.197/; sid:900606592; rev:1;)
alert tcp $HOME_NET any -> [24.139.72.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.139.72.117/; sid:900606593; rev:1;)
alert tcp $HOME_NET any -> [24.229.150.54] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.229.150.54/; sid:900606594; rev:1;)
alert tcp $HOME_NET any -> [186.18.205.199] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.18.205.199/; sid:900606595; rev:1;)
alert tcp $HOME_NET any -> [73.151.236.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.151.236.31/; sid:900606596; rev:1;)
alert tcp $HOME_NET any -> [68.204.7.158] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.204.7.158/; sid:900606597; rev:1;)
alert tcp $HOME_NET any -> [75.188.35.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.188.35.168/; sid:900606598; rev:1;)
alert tcp $HOME_NET any -> [72.252.201.69] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.201.69/; sid:900606599; rev:1;)
alert tcp $HOME_NET any -> [173.21.10.71] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.21.10.71/; sid:900606600; rev:1;)
alert tcp $HOME_NET any -> [24.55.112.61] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.55.112.61/; sid:900606601; rev:1;)
alert tcp $HOME_NET any -> [71.80.168.245] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.80.168.245/; sid:900606602; rev:1;)
alert tcp $HOME_NET any -> [45.46.53.140] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.46.53.140/; sid:900606603; rev:1;)
alert tcp $HOME_NET any -> [217.17.56.163] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.17.56.163/; sid:900606604; rev:1;)
alert tcp $HOME_NET any -> [41.251.41.14] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.251.41.14/; sid:900606605; rev:1;)
alert tcp $HOME_NET any -> [93.8.66.216] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.8.66.216/; sid:900606606; rev:1;)
alert tcp $HOME_NET any -> [217.17.56.163] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.17.56.163/; sid:900606607; rev:1;)
alert tcp $HOME_NET any -> [217.17.56.163] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.17.56.163/; sid:900606608; rev:1;)
alert tcp $HOME_NET any -> [217.17.56.163] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.17.56.163/; sid:900606609; rev:1;)
alert tcp $HOME_NET any -> [190.198.206.189] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.198.206.189/; sid:900606610; rev:1;)
alert tcp $HOME_NET any -> [47.40.196.233] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.40.196.233/; sid:900606612; rev:1;)
alert tcp $HOME_NET any -> [71.74.12.34] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.74.12.34/; sid:900606613; rev:1;)
alert tcp $HOME_NET any -> [207.38.84.195] 8333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.38.84.195/; sid:900606615; rev:1;)
alert tcp $HOME_NET any -> [186.250.48.123] 7880 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.250.48.123/; sid:900606616; rev:1;)
alert tcp $HOME_NET any -> [76.25.142.196] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.25.142.196/; sid:900606617; rev:1;)
alert tcp $HOME_NET any -> [67.165.206.193] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.165.206.193/; sid:900606618; rev:1;)
alert tcp $HOME_NET any -> [124.123.42.115] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.123.42.115/; sid:900606621; rev:1;)
alert tcp $HOME_NET any -> [103.148.120.144] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.148.120.144/; sid:900606622; rev:1;)
alert tcp $HOME_NET any -> [173.25.166.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.25.166.81/; sid:900606623; rev:1;)
alert tcp $HOME_NET any -> [189.210.115.207] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.210.115.207/; sid:900606624; rev:1;)
alert tcp $HOME_NET any -> [109.12.111.14] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.12.111.14/; sid:900606625; rev:1;)
alert tcp $HOME_NET any -> [68.186.192.69] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.186.192.69/; sid:900606626; rev:1;)
alert tcp $HOME_NET any -> [144.139.47.206] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.139.47.206/; sid:900606627; rev:1;)
alert tcp $HOME_NET any -> [50.29.166.232] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.29.166.232/; sid:900606629; rev:1;)
alert tcp $HOME_NET any -> [75.89.195.186] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.89.195.186/; sid:900606630; rev:1;)
alert tcp $HOME_NET any -> [159.2.51.200] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.2.51.200/; sid:900606631; rev:1;)
alert tcp $HOME_NET any -> [174.54.58.170] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.54.58.170/; sid:900606632; rev:1;)
alert tcp $HOME_NET any -> [94.200.181.154] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.200.181.154/; sid:900606633; rev:1;)
alert tcp $HOME_NET any -> [73.130.180.25] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.130.180.25/; sid:900606634; rev:1;)
alert tcp $HOME_NET any -> [73.52.50.32] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.52.50.32/; sid:900606635; rev:1;)
alert tcp $HOME_NET any -> [174.59.35.191] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.59.35.191/; sid:900606636; rev:1;)
alert tcp $HOME_NET any -> [73.230.205.91] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.230.205.91/; sid:900606637; rev:1;)
alert tcp $HOME_NET any -> [174.54.193.186] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.54.193.186/; sid:900606638; rev:1;)
alert tcp $HOME_NET any -> [24.152.219.253] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.152.219.253/; sid:900606639; rev:1;)
alert tcp $HOME_NET any -> [86.8.177.143] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.8.177.143/; sid:900606640; rev:1;)
alert tcp $HOME_NET any -> [103.157.122.198] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.157.122.198/; sid:900606641; rev:1;)
alert tcp $HOME_NET any -> [78.191.44.76] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.44.76/; sid:900606642; rev:1;)
alert tcp $HOME_NET any -> [73.25.124.140] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.25.124.140/; sid:900606644; rev:1;)
alert tcp $HOME_NET any -> [75.66.88.33] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.66.88.33/; sid:900606645; rev:1;)
alert tcp $HOME_NET any -> [73.77.87.137] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.77.87.137/; sid:900606646; rev:1;)
alert tcp $HOME_NET any -> [81.214.126.173] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.214.126.173/; sid:900606647; rev:1;)
alert tcp $HOME_NET any -> [75.75.179.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.75.179.226/; sid:900606648; rev:1;)
alert tcp $HOME_NET any -> [167.248.100.227] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.248.100.227/; sid:900606649; rev:1;)
alert tcp $HOME_NET any -> [167.248.111.245] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.248.111.245/; sid:900606650; rev:1;)
alert tcp $HOME_NET any -> [96.57.188.174] 2078 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.57.188.174/; sid:900606651; rev:1;)
alert tcp $HOME_NET any -> [40.131.140.155] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.131.140.155/; sid:900606652; rev:1;)
alert tcp $HOME_NET any -> [96.46.103.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.46.103.226/; sid:900606653; rev:1;)
alert tcp $HOME_NET any -> [208.89.170.179] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.89.170.179/; sid:900606654; rev:1;)
alert tcp $HOME_NET any -> [206.47.134.234] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.47.134.234/; sid:900606655; rev:1;)
alert tcp $HOME_NET any -> [187.116.124.82] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.116.124.82/; sid:900606656; rev:1;)
alert tcp $HOME_NET any -> [76.84.230.103] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.84.230.103/; sid:900606657; rev:1;)
alert tcp $HOME_NET any -> [201.93.111.2] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.93.111.2/; sid:900606658; rev:1;)
alert tcp $HOME_NET any -> [75.163.81.130] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.163.81.130/; sid:900606659; rev:1;)
alert tcp $HOME_NET any -> [69.30.186.190] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.30.186.190/; sid:900606660; rev:1;)
alert tcp $HOME_NET any -> [98.22.92.139] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.22.92.139/; sid:900606661; rev:1;)
alert tcp $HOME_NET any -> [97.98.130.50] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.98.130.50/; sid:900606662; rev:1;)
alert tcp $HOME_NET any -> [167.248.81.60] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.248.81.60/; sid:900606663; rev:1;)
alert tcp $HOME_NET any -> [69.30.190.105] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.30.190.105/; sid:900606664; rev:1;)
alert tcp $HOME_NET any -> [78.191.36.142] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.36.142/; sid:900606665; rev:1;)
alert tcp $HOME_NET any -> [185.157.82.209] 8333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.157.82.209/; sid:900606666; rev:1;)
alert tcp $HOME_NET any -> [5.39.99.208] 5412 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.39.99.208/; sid:900606667; rev:1;)
alert tcp $HOME_NET any -> [207.148.81.119] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.148.81.119/; sid:900606668; rev:1;)
alert tcp $HOME_NET any -> [167.248.99.149] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.248.99.149/; sid:900606670; rev:1;)
alert tcp $HOME_NET any -> [167.248.23.224] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.248.23.224/; sid:900606671; rev:1;)
alert tcp $HOME_NET any -> [167.248.117.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.248.117.81/; sid:900606672; rev:1;)
alert tcp $HOME_NET any -> [70.37.217.196] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.37.217.196/; sid:900606673; rev:1;)
alert tcp $HOME_NET any -> [103.142.10.177] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.142.10.177/; sid:900606674; rev:1;)
alert tcp $HOME_NET any -> [2.99.100.134] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.99.100.134/; sid:900606675; rev:1;)
alert tcp $HOME_NET any -> [24.119.214.7] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.119.214.7/; sid:900606676; rev:1;)
alert tcp $HOME_NET any -> [74.72.237.54] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.72.237.54/; sid:900606678; rev:1;)
alert tcp $HOME_NET any -> [177.94.21.110] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.94.21.110/; sid:900606679; rev:1;)
alert tcp $HOME_NET any -> [115.96.53.68] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.96.53.68/; sid:900606680; rev:1;)
alert tcp $HOME_NET any -> [76.84.225.21] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.84.225.21/; sid:900606681; rev:1;)
alert tcp $HOME_NET any -> [103.75.32.173] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.75.32.173/; sid:900606682; rev:1;)
alert tcp $HOME_NET any -> [202.9.121.143] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.9.121.143/; sid:900606683; rev:1;)
alert tcp $HOME_NET any -> [103.146.232.154] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.146.232.154/; sid:900606684; rev:1;)
alert tcp $HOME_NET any -> [103.47.170.131] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.47.170.131/; sid:900606685; rev:1;)
alert tcp $HOME_NET any -> [117.222.61.115] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.222.61.115/; sid:900606686; rev:1;)
alert tcp $HOME_NET any -> [117.222.57.92] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.222.57.92/; sid:900606687; rev:1;)
alert tcp $HOME_NET any -> [103.47.170.130] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.47.170.130/; sid:900606688; rev:1;)
alert tcp $HOME_NET any -> [36.95.23.89] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.95.23.89/; sid:900606689; rev:1;)
alert tcp $HOME_NET any -> [116.206.153.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.206.153.212/; sid:900606690; rev:1;)
alert tcp $HOME_NET any -> [118.91.190.42] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.91.190.42/; sid:900606691; rev:1;)
alert tcp $HOME_NET any -> [136.228.128.21] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.228.128.21/; sid:900606692; rev:1;)
alert tcp $HOME_NET any -> [36.91.186.235] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.91.186.235/; sid:900606693; rev:1;)
alert tcp $HOME_NET any -> [181.4.53.6] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.4.53.6/; sid:900606694; rev:1;)
alert tcp $HOME_NET any -> [209.50.20.255] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.50.20.255/; sid:900606699; rev:1;)
alert tcp $HOME_NET any -> [202.134.178.157] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.134.178.157/; sid:900606700; rev:1;)
alert tcp $HOME_NET any -> [69.80.113.148] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.80.113.148/; sid:900606701; rev:1;)
alert tcp $HOME_NET any -> [89.137.52.44] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.137.52.44/; sid:900606702; rev:1;)
alert tcp $HOME_NET any -> [185.168.130.138] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.168.130.138/; sid:900606703; rev:1;)
alert tcp $HOME_NET any -> [79.172.255.198] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.172.255.198/; sid:900606704; rev:1;)
alert tcp $HOME_NET any -> [173.25.162.221] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.25.162.221/; sid:900606706; rev:1;)
alert tcp $HOME_NET any -> [167.248.126.223] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.248.126.223/; sid:900606707; rev:1;)
alert tcp $HOME_NET any -> [78.191.58.219] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.58.219/; sid:900606708; rev:1;)
alert tcp $HOME_NET any -> [188.55.235.110] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.55.235.110/; sid:900606709; rev:1;)
alert tcp $HOME_NET any -> [66.103.170.104] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.103.170.104/; sid:900606711; rev:1;)
alert tcp $HOME_NET any -> [195.154.108.109] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.154.108.109/; sid:900606712; rev:1;)
alert tcp $HOME_NET any -> [77.57.204.78] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.57.204.78/; sid:900606713; rev:1;)
alert tcp $HOME_NET any -> [51.178.61.60] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.178.61.60/; sid:900606714; rev:1;)
alert tcp $HOME_NET any -> [116.203.55.59] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.203.55.59/; sid:900606715; rev:1;)
alert tcp $HOME_NET any -> [213.190.4.223] 9217 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.190.4.223/; sid:900606716; rev:1;)
alert tcp $HOME_NET any -> [27.223.92.142] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.223.92.142/; sid:900606717; rev:1;)
alert tcp $HOME_NET any -> [2.222.167.138] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.222.167.138/; sid:900606718; rev:1;)
alert tcp $HOME_NET any -> [80.6.192.58] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.6.192.58/; sid:900606720; rev:1;)
alert tcp $HOME_NET any -> [188.50.169.158] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.50.169.158/; sid:900606721; rev:1;)
alert tcp $HOME_NET any -> [209.142.97.161] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.142.97.161/; sid:900606722; rev:1;)
alert tcp $HOME_NET any -> [200.232.214.222] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.232.214.222/; sid:900606723; rev:1;)
alert tcp $HOME_NET any -> [186.32.163.199] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.32.163.199/; sid:900606724; rev:1;)
alert tcp $HOME_NET any -> [72.173.78.211] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.173.78.211/; sid:900606725; rev:1;)
alert tcp $HOME_NET any -> [98.157.235.126] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.157.235.126/; sid:900606726; rev:1;)
alert tcp $HOME_NET any -> [24.171.50.5] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.171.50.5/; sid:900606727; rev:1;)
alert tcp $HOME_NET any -> [66.177.215.152] 50010 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.177.215.152/; sid:900606728; rev:1;)
alert tcp $HOME_NET any -> [177.170.201.134] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.170.201.134/; sid:900606729; rev:1;)
alert tcp $HOME_NET any -> [66.177.215.152] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.177.215.152/; sid:900606730; rev:1;)
alert tcp $HOME_NET any -> [73.140.38.124] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.140.38.124/; sid:900606731; rev:1;)
alert tcp $HOME_NET any -> [110.174.64.179] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.174.64.179/; sid:900606732; rev:1;)
alert tcp $HOME_NET any -> [38.10.197.234] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.10.197.234/; sid:900606733; rev:1;)
alert tcp $HOME_NET any -> [220.255.25.28] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.255.25.28/; sid:900606734; rev:1;)
alert tcp $HOME_NET any -> [41.86.42.158] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.86.42.158/; sid:900606735; rev:1;)
alert tcp $HOME_NET any -> [93.48.58.123] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.48.58.123/; sid:900606736; rev:1;)
alert tcp $HOME_NET any -> [41.86.42.158] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.86.42.158/; sid:900606737; rev:1;)
alert tcp $HOME_NET any -> [63.143.92.99] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.143.92.99/; sid:900606738; rev:1;)
alert tcp $HOME_NET any -> [73.77.87.137] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.77.87.137/; sid:900606739; rev:1;)
alert tcp $HOME_NET any -> [187.250.159.104] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.250.159.104/; sid:900606740; rev:1;)
alert tcp $HOME_NET any -> [187.172.240.28] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.172.240.28/; sid:900606741; rev:1;)
alert tcp $HOME_NET any -> [188.50.26.190] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.50.26.190/; sid:900606742; rev:1;)
alert tcp $HOME_NET any -> [85.109.229.54] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.109.229.54/; sid:900606744; rev:1;)
alert tcp $HOME_NET any -> [203.213.107.174] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.213.107.174/; sid:900606747; rev:1;)
alert tcp $HOME_NET any -> [37.117.191.19] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.117.191.19/; sid:900606749; rev:1;)
alert tcp $HOME_NET any -> [212.112.86.37] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.112.86.37/; sid:900606750; rev:1;)
alert tcp $HOME_NET any -> [72.52.96.202] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.52.96.202/; sid:900606751; rev:1;)
alert tcp $HOME_NET any -> [139.162.232.153] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.232.153/; sid:900606753; rev:1;)
alert tcp $HOME_NET any -> [5.83.45.48] 5412 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.83.45.48/; sid:900606754; rev:1;)
alert tcp $HOME_NET any -> [209.239.112.82] 8333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.239.112.82/; sid:900606755; rev:1;)
alert tcp $HOME_NET any -> [146.66.238.74] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.66.238.74/; sid:900606759; rev:1;)
alert tcp $HOME_NET any -> [77.31.162.93] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.31.162.93/; sid:900606760; rev:1;)
alert tcp $HOME_NET any -> [67.230.44.194] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.230.44.194/; sid:900606761; rev:1;)
alert tcp $HOME_NET any -> [39.49.64.244] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.64.244/; sid:900606762; rev:1;)
alert tcp $HOME_NET any -> [209.236.35.178] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.236.35.178/; sid:900606763; rev:1;)
alert tcp $HOME_NET any -> [75.131.217.182] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.131.217.182/; sid:900606764; rev:1;)
alert tcp $HOME_NET any -> [72.252.201.69] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.201.69/; sid:900606765; rev:1;)
alert tcp $HOME_NET any -> [78.105.213.151] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.105.213.151/; sid:900606766; rev:1;)
alert tcp $HOME_NET any -> [173.22.178.66] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.22.178.66/; sid:900606767; rev:1;)
alert tcp $HOME_NET any -> [68.117.229.117] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.117.229.117/; sid:900606768; rev:1;)
alert tcp $HOME_NET any -> [201.68.60.118] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.68.60.118/; sid:900606769; rev:1;)
alert tcp $HOME_NET any -> [51.83.3.52] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.3.52/; sid:900606770; rev:1;)
alert tcp $HOME_NET any -> [69.64.50.41] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.64.50.41/; sid:900606771; rev:1;)
alert tcp $HOME_NET any -> [189.252.166.130] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.166.130/; sid:900606772; rev:1;)
alert tcp $HOME_NET any -> [208.78.220.143] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.78.220.143/; sid:900606773; rev:1;)
alert tcp $HOME_NET any -> [78.179.137.102] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.179.137.102/; sid:900606774; rev:1;)
alert tcp $HOME_NET any -> [24.231.209.2] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.231.209.2/; sid:900606775; rev:1;)
alert tcp $HOME_NET any -> [65.100.174.110] 32103 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.100.174.110/; sid:900606776; rev:1;)
alert tcp $HOME_NET any -> [65.100.174.110] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.100.174.110/; sid:900606777; rev:1;)
alert tcp $HOME_NET any -> [65.100.174.110] 8443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.100.174.110/; sid:900606778; rev:1;)
alert tcp $HOME_NET any -> [98.203.26.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.203.26.168/; sid:900606779; rev:1;)
alert tcp $HOME_NET any -> [189.146.41.71] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.41.71/; sid:900606780; rev:1;)
alert tcp $HOME_NET any -> [189.147.159.42] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.147.159.42/; sid:900606781; rev:1;)
alert tcp $HOME_NET any -> [189.135.16.92] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.135.16.92/; sid:900606782; rev:1;)
alert tcp $HOME_NET any -> [50.194.160.233] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.194.160.233/; sid:900606783; rev:1;)
alert tcp $HOME_NET any -> [178.62.205.130] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.62.205.130/; sid:900606784; rev:1;)
alert tcp $HOME_NET any -> [45.90.108.123] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.90.108.123/; sid:900606785; rev:1;)
alert tcp $HOME_NET any -> [198.199.98.78] 9217 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.98.78/; sid:900606786; rev:1;)
alert tcp $HOME_NET any -> [96.37.113.36] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.37.113.36/; sid:900606787; rev:1;)
alert tcp $HOME_NET any -> [103.82.211.39] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.82.211.39/; sid:900606788; rev:1;)
alert tcp $HOME_NET any -> [136.232.254.46] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.232.254.46/; sid:900606789; rev:1;)
alert tcp $HOME_NET any -> [115.96.62.113] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.96.62.113/; sid:900606790; rev:1;)
alert tcp $HOME_NET any -> [91.178.126.51] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.178.126.51/; sid:900606791; rev:1;)
alert tcp $HOME_NET any -> [122.60.71.201] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.60.71.201/; sid:900606792; rev:1;)
alert tcp $HOME_NET any -> [50.194.160.233] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.194.160.233/; sid:900606793; rev:1;)
alert tcp $HOME_NET any -> [50.194.160.233] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.194.160.233/; sid:900606794; rev:1;)
alert tcp $HOME_NET any -> [187.156.169.68] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.156.169.68/; sid:900606795; rev:1;)
alert tcp $HOME_NET any -> [103.82.211.39] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.82.211.39/; sid:900606796; rev:1;)
alert tcp $HOME_NET any -> [197.89.144.200] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.144.200/; sid:900606797; rev:1;)
alert tcp $HOME_NET any -> [196.207.140.40] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.207.140.40/; sid:900606798; rev:1;)
alert tcp $HOME_NET any -> [188.55.249.239] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.55.249.239/; sid:900606799; rev:1;)
alert tcp $HOME_NET any -> [213.60.210.85] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.60.210.85/; sid:900606800; rev:1;)
alert tcp $HOME_NET any -> [189.152.1.4] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.152.1.4/; sid:900606801; rev:1;)
alert tcp $HOME_NET any -> [174.76.17.43] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.76.17.43/; sid:900606802; rev:1;)
alert tcp $HOME_NET any -> [176.45.11.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.45.11.226/; sid:900606803; rev:1;)
alert tcp $HOME_NET any -> [65.100.174.110] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.100.174.110/; sid:900606804; rev:1;)
alert tcp $HOME_NET any -> [65.100.174.110] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.100.174.110/; sid:900606805; rev:1;)
alert tcp $HOME_NET any -> [187.75.66.160] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.75.66.160/; sid:900606806; rev:1;)
alert tcp $HOME_NET any -> [178.33.123.234] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.33.123.234/; sid:900606808; rev:1;)
alert tcp $HOME_NET any -> [136.143.11.232] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.143.11.232/; sid:900606809; rev:1;)
alert tcp $HOME_NET any -> [195.210.28.115] 7443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.210.28.115/; sid:900606810; rev:1;)
alert tcp $HOME_NET any -> [211.172.241.52] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.172.241.52/; sid:900606811; rev:1;)
alert tcp $HOME_NET any -> [103.82.211.39] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.82.211.39/; sid:900606812; rev:1;)
alert tcp $HOME_NET any -> [182.176.180.73] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.176.180.73/; sid:900606813; rev:1;)
alert tcp $HOME_NET any -> [81.213.59.22] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.213.59.22/; sid:900606816; rev:1;)
alert tcp $HOME_NET any -> [86.220.112.26] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.220.112.26/; sid:900606817; rev:1;)
alert tcp $HOME_NET any -> [49.206.29.127] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.206.29.127/; sid:900606818; rev:1;)
alert tcp $HOME_NET any -> [176.45.53.222] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.45.53.222/; sid:900606819; rev:1;)
alert tcp $HOME_NET any -> [105.198.236.99] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.198.236.99/; sid:900606820; rev:1;)
alert tcp $HOME_NET any -> [115.96.64.9] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.96.64.9/; sid:900606821; rev:1;)
alert tcp $HOME_NET any -> [103.143.8.71] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.143.8.71/; sid:900606822; rev:1;)
alert tcp $HOME_NET any -> [78.191.38.33] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.38.33/; sid:900606823; rev:1;)
alert tcp $HOME_NET any -> [39.49.122.240] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.122.240/; sid:900606824; rev:1;)
alert tcp $HOME_NET any -> [37.210.155.239] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.155.239/; sid:900606825; rev:1;)
alert tcp $HOME_NET any -> [187.149.227.40] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.149.227.40/; sid:900606826; rev:1;)
alert tcp $HOME_NET any -> [201.172.31.95] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.172.31.95/; sid:900606827; rev:1;)
alert tcp $HOME_NET any -> [38.70.253.226] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.70.253.226/; sid:900606828; rev:1;)
alert tcp $HOME_NET any -> [24.231.209.2] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.231.209.2/; sid:900606829; rev:1;)
alert tcp $HOME_NET any -> [195.154.146.84] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.154.146.84/; sid:900606830; rev:1;)
alert tcp $HOME_NET any -> [157.245.222.44] 5723 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.245.222.44/; sid:900606831; rev:1;)
alert tcp $HOME_NET any -> [45.56.121.87] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.56.121.87/; sid:900606832; rev:1;)
alert tcp $HOME_NET any -> [24.231.209.2] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.231.209.2/; sid:900606833; rev:1;)
alert tcp $HOME_NET any -> [86.152.43.219] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.152.43.219/; sid:900606834; rev:1;)
alert tcp $HOME_NET any -> [197.89.144.102] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.144.102/; sid:900606835; rev:1;)
alert tcp $HOME_NET any -> [100.1.119.41] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.1.119.41/; sid:900606838; rev:1;)
alert tcp $HOME_NET any -> [201.137.10.225] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.10.225/; sid:900606839; rev:1;)
alert tcp $HOME_NET any -> [108.4.67.252] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.4.67.252/; sid:900606841; rev:1;)
alert tcp $HOME_NET any -> [123.252.190.14] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.252.190.14/; sid:900606843; rev:1;)
alert tcp $HOME_NET any -> [37.208.181.198] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.208.181.198/; sid:900606844; rev:1;)
alert tcp $HOME_NET any -> [129.208.147.188] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.147.188/; sid:900606845; rev:1;)
alert tcp $HOME_NET any -> [96.246.158.154] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.246.158.154/; sid:900606846; rev:1;)
alert tcp $HOME_NET any -> [41.235.69.115] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.235.69.115/; sid:900606847; rev:1;)
alert tcp $HOME_NET any -> [78.191.24.189] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.24.189/; sid:900606848; rev:1;)
alert tcp $HOME_NET any -> [103.150.40.76] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.150.40.76/; sid:900606849; rev:1;)
alert tcp $HOME_NET any -> [46.101.142.214] 6891 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.142.214/; sid:900606850; rev:1;)
alert tcp $HOME_NET any -> [207.180.220.242] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.180.220.242/; sid:900606851; rev:1;)
alert tcp $HOME_NET any -> [155.138.203.91] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/155.138.203.91/; sid:900606852; rev:1;)
alert tcp $HOME_NET any -> [62.210.116.97] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.210.116.97/; sid:900606854; rev:1;)
alert tcp $HOME_NET any -> [37.208.181.198] 61200 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.208.181.198/; sid:900606855; rev:1;)
alert tcp $HOME_NET any -> [187.156.134.254] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.156.134.254/; sid:900606858; rev:1;)
alert tcp $HOME_NET any -> [209.210.95.228] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.210.95.228/; sid:900606859; rev:1;)
alert tcp $HOME_NET any -> [212.237.17.99] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.237.17.99/; sid:900606860; rev:1;)
alert tcp $HOME_NET any -> [176.28.17.160] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.28.17.160/; sid:900606861; rev:1;)
alert tcp $HOME_NET any -> [51.254.140.238] 8333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.140.238/; sid:900606862; rev:1;)
alert tcp $HOME_NET any -> [207.246.112.221] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.246.112.221/; sid:900606865; rev:1;)
alert tcp $HOME_NET any -> [188.50.34.167] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.50.34.167/; sid:900606866; rev:1;)
alert tcp $HOME_NET any -> [45.9.20.200] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.9.20.200/; sid:900606867; rev:1;)
alert tcp $HOME_NET any -> [73.25.109.183] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.25.109.183/; sid:900606868; rev:1;)
alert tcp $HOME_NET any -> [207.246.112.221] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.246.112.221/; sid:900606869; rev:1;)
alert tcp $HOME_NET any -> [187.250.109.250] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.250.109.250/; sid:900606870; rev:1;)
alert tcp $HOME_NET any -> [87.242.20.233] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.242.20.233/; sid:900606871; rev:1;)
alert tcp $HOME_NET any -> [115.99.227.13] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.99.227.13/; sid:900606872; rev:1;)
alert tcp $HOME_NET any -> [27.5.5.31] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.5.5.31/; sid:900606873; rev:1;)
alert tcp $HOME_NET any -> [88.226.225.168] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.226.225.168/; sid:900606874; rev:1;)
alert tcp $HOME_NET any -> [149.28.99.97] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.99.97/; sid:900606875; rev:1;)
alert tcp $HOME_NET any -> [96.21.251.127] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.21.251.127/; sid:900606878; rev:1;)
alert tcp $HOME_NET any -> [86.120.85.209] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.120.85.209/; sid:900606879; rev:1;)
alert tcp $HOME_NET any -> [85.219.187.72] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.219.187.72/; sid:900606882; rev:1;)
alert tcp $HOME_NET any -> [86.98.1.197] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.1.197/; sid:900606883; rev:1;)
alert tcp $HOME_NET any -> [189.252.140.141] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.140.141/; sid:900606884; rev:1;)
alert tcp $HOME_NET any -> [197.89.144.19] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.144.19/; sid:900606885; rev:1;)
alert tcp $HOME_NET any -> [143.92.137.106] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.92.137.106/; sid:900606886; rev:1;)
alert tcp $HOME_NET any -> [39.49.45.250] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.45.250/; sid:900606887; rev:1;)
alert tcp $HOME_NET any -> [37.208.162.27] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.208.162.27/; sid:900606888; rev:1;)
alert tcp $HOME_NET any -> [86.97.8.178] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.8.178/; sid:900606889; rev:1;)
alert tcp $HOME_NET any -> [94.60.254.81] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.60.254.81/; sid:900606890; rev:1;)
alert tcp $HOME_NET any -> [77.255.12.88] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.255.12.88/; sid:900606891; rev:1;)
alert tcp $HOME_NET any -> [92.59.35.196] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.59.35.196/; sid:900606892; rev:1;)
alert tcp $HOME_NET any -> [87.99.107.124] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.99.107.124/; sid:900606893; rev:1;)
alert tcp $HOME_NET any -> [5.224.28.151] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.224.28.151/; sid:900606894; rev:1;)
alert tcp $HOME_NET any -> [85.226.176.123] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.226.176.123/; sid:900606895; rev:1;)
alert tcp $HOME_NET any -> [189.223.33.109] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.223.33.109/; sid:900606896; rev:1;)
alert tcp $HOME_NET any -> [85.54.179.210] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.54.179.210/; sid:900606897; rev:1;)
alert tcp $HOME_NET any -> [95.248.201.245] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.248.201.245/; sid:900606899; rev:1;)
alert tcp $HOME_NET any -> [79.160.207.214] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.160.207.214/; sid:900606900; rev:1;)
alert tcp $HOME_NET any -> [185.122.58.89] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.122.58.89/; sid:900606901; rev:1;)
alert tcp $HOME_NET any -> [136.144.131.189] 808 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.144.131.189/; sid:900606902; rev:1;)
alert tcp $HOME_NET any -> [103.116.178.85] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.116.178.85/; sid:900606903; rev:1;)
alert tcp $HOME_NET any -> [87.109.246.232] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.109.246.232/; sid:900606904; rev:1;)
alert tcp $HOME_NET any -> [109.228.255.59] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.228.255.59/; sid:900606905; rev:1;)
alert tcp $HOME_NET any -> [70.93.80.154] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.93.80.154/; sid:900606906; rev:1;)
alert tcp $HOME_NET any -> [93.48.80.198] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.48.80.198/; sid:900606907; rev:1;)
alert tcp $HOME_NET any -> [111.250.36.194] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.250.36.194/; sid:900606908; rev:1;)
alert tcp $HOME_NET any -> [41.235.58.200] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.235.58.200/; sid:900606909; rev:1;)
alert tcp $HOME_NET any -> [117.248.109.38] 21 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.248.109.38/; sid:900606910; rev:1;)
alert tcp $HOME_NET any -> [75.169.58.229] 32100 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.169.58.229/; sid:900606911; rev:1;)
alert tcp $HOME_NET any -> [47.72.219.120] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.72.219.120/; sid:900606912; rev:1;)
alert tcp $HOME_NET any -> [38.10.199.26] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.10.199.26/; sid:900606913; rev:1;)
alert tcp $HOME_NET any -> [188.26.158.80] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.26.158.80/; sid:900606915; rev:1;)
alert tcp $HOME_NET any -> [185.56.219.47] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.56.219.47/; sid:900606916; rev:1;)
alert tcp $HOME_NET any -> [192.46.210.220] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.46.210.220/; sid:900606917; rev:1;)
alert tcp $HOME_NET any -> [143.244.140.214] 808 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.244.140.214/; sid:900606918; rev:1;)
alert tcp $HOME_NET any -> [45.77.0.96] 6891 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.77.0.96/; sid:900606919; rev:1;)
alert tcp $HOME_NET any -> [54.37.202.209] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.202.209/; sid:900606920; rev:1;)
alert tcp $HOME_NET any -> [149.202.179.100] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.202.179.100/; sid:900606921; rev:1;)
alert tcp $HOME_NET any -> [81.0.236.89] 13786 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.0.236.89/; sid:900606922; rev:1;)
alert tcp $HOME_NET any -> [94.23.24.82] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.24.82/; sid:900606923; rev:1;)
alert tcp $HOME_NET any -> [185.53.147.51] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.53.147.51/; sid:900606924; rev:1;)
alert tcp $HOME_NET any -> [77.79.56.210] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.79.56.210/; sid:900606926; rev:1;)
alert tcp $HOME_NET any -> [109.133.93.127] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.133.93.127/; sid:900606927; rev:1;)
alert tcp $HOME_NET any -> [50.194.160.233] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.194.160.233/; sid:900606928; rev:1;)
alert tcp $HOME_NET any -> [103.116.178.85] 993 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.116.178.85/; sid:900606929; rev:1;)
alert tcp $HOME_NET any -> [94.110.12.148] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.110.12.148/; sid:900606930; rev:1;)
alert tcp $HOME_NET any -> [89.107.190.111] 6225 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.107.190.111/; sid:900606932; rev:1;)
alert tcp $HOME_NET any -> [91.121.134.180] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.121.134.180/; sid:900606933; rev:1;)
alert tcp $HOME_NET any -> [194.36.28.190] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.28.190/; sid:900606934; rev:1;)
alert tcp $HOME_NET any -> [41.235.72.90] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.235.72.90/; sid:900606935; rev:1;)
alert tcp $HOME_NET any -> [188.55.243.60] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.55.243.60/; sid:900606936; rev:1;)
alert tcp $HOME_NET any -> [45.9.20.200] 2211 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.9.20.200/; sid:900606937; rev:1;)
alert tcp $HOME_NET any -> [216.238.71.31] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.238.71.31/; sid:900606938; rev:1;)
alert tcp $HOME_NET any -> [216.238.71.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.238.71.31/; sid:900606939; rev:1;)
alert tcp $HOME_NET any -> [72.252.201.69] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.201.69/; sid:900606940; rev:1;)
alert tcp $HOME_NET any -> [216.238.72.121] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.238.72.121/; sid:900606941; rev:1;)
alert tcp $HOME_NET any -> [216.238.72.121] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.238.72.121/; sid:900606942; rev:1;)
alert tcp $HOME_NET any -> [111.250.42.217] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.250.42.217/; sid:900606943; rev:1;)
alert tcp $HOME_NET any -> [187.121.124.134] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.121.124.134/; sid:900606944; rev:1;)
alert tcp $HOME_NET any -> [71.13.93.154] 6881 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.13.93.154/; sid:900606945; rev:1;)
alert tcp $HOME_NET any -> [181.99.138.132] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.99.138.132/; sid:900606946; rev:1;)
alert tcp $HOME_NET any -> [86.97.8.204] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.8.204/; sid:900606947; rev:1;)
alert tcp $HOME_NET any -> [37.187.114.15] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.114.15/; sid:900606950; rev:1;)
alert tcp $HOME_NET any -> [46.101.98.60] 808 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.98.60/; sid:900606951; rev:1;)
alert tcp $HOME_NET any -> [104.248.155.133] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.248.155.133/; sid:900606952; rev:1;)
alert tcp $HOME_NET any -> [93.147.212.206] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.147.212.206/; sid:900606953; rev:1;)
alert tcp $HOME_NET any -> [103.74.143.53] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.74.143.53/; sid:900606954; rev:1;)
alert tcp $HOME_NET any -> [207.180.235.71] 6891 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.180.235.71/; sid:900606956; rev:1;)
alert tcp $HOME_NET any -> [104.130.140.69] 8333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.130.140.69/; sid:900606957; rev:1;)
alert tcp $HOME_NET any -> [51.79.166.3] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.79.166.3/; sid:900606958; rev:1;)
alert tcp $HOME_NET any -> [5.135.182.4] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.135.182.4/; sid:900606960; rev:1;)
alert tcp $HOME_NET any -> [71.13.93.154] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.13.93.154/; sid:900606961; rev:1;)
alert tcp $HOME_NET any -> [111.250.29.138] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.250.29.138/; sid:900606962; rev:1;)
alert tcp $HOME_NET any -> [71.13.93.154] 2083 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.13.93.154/; sid:900606963; rev:1;)
alert tcp $HOME_NET any -> [181.118.183.27] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.27/; sid:900606964; rev:1;)
alert tcp $HOME_NET any -> [190.73.3.148] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.73.3.148/; sid:900606965; rev:1;)
alert tcp $HOME_NET any -> [177.172.5.228] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.172.5.228/; sid:900606966; rev:1;)
alert tcp $HOME_NET any -> [189.135.98.193] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.135.98.193/; sid:900606967; rev:1;)
alert tcp $HOME_NET any -> [181.99.138.30] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.99.138.30/; sid:900606968; rev:1;)
alert tcp $HOME_NET any -> [185.30.32.33] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.30.32.33/; sid:900606969; rev:1;)
alert tcp $HOME_NET any -> [102.65.38.185] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.65.38.185/; sid:900606970; rev:1;)
alert tcp $HOME_NET any -> [176.115.83.179] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.115.83.179/; sid:900606971; rev:1;)
alert tcp $HOME_NET any -> [197.87.182.139] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.87.182.139/; sid:900606972; rev:1;)
alert tcp $HOME_NET any -> [189.147.249.20] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.147.249.20/; sid:900606973; rev:1;)
alert tcp $HOME_NET any -> [65.20.153.49] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.20.153.49/; sid:900606974; rev:1;)
alert tcp $HOME_NET any -> [202.36.49.75] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.36.49.75/; sid:900606975; rev:1;)
alert tcp $HOME_NET any -> [95.178.38.81] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.178.38.81/; sid:900606976; rev:1;)
alert tcp $HOME_NET any -> [200.83.98.31] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.83.98.31/; sid:900606977; rev:1;)
alert tcp $HOME_NET any -> [64.111.60.49] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.111.60.49/; sid:900606978; rev:1;)
alert tcp $HOME_NET any -> [202.51.122.163] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.51.122.163/; sid:900606979; rev:1;)
alert tcp $HOME_NET any -> [181.189.221.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.189.221.250/; sid:900606980; rev:1;)
alert tcp $HOME_NET any -> [88.148.122.192] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.148.122.192/; sid:900606981; rev:1;)
alert tcp $HOME_NET any -> [181.211.247.43] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.211.247.43/; sid:900606982; rev:1;)
alert tcp $HOME_NET any -> [222.252.61.23] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.252.61.23/; sid:900606983; rev:1;)
alert tcp $HOME_NET any -> [181.188.180.243] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.188.180.243/; sid:900606984; rev:1;)
alert tcp $HOME_NET any -> [116.90.234.82] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.90.234.82/; sid:900606985; rev:1;)
alert tcp $HOME_NET any -> [190.61.46.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.61.46.106/; sid:900606986; rev:1;)
alert tcp $HOME_NET any -> [138.36.200.227] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.36.200.227/; sid:900606987; rev:1;)
alert tcp $HOME_NET any -> [41.77.131.74] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.77.131.74/; sid:900606988; rev:1;)
alert tcp $HOME_NET any -> [45.221.8.225] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.221.8.225/; sid:900606989; rev:1;)
alert tcp $HOME_NET any -> [202.144.203.140] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.144.203.140/; sid:900606990; rev:1;)
alert tcp $HOME_NET any -> [95.178.35.140] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.178.35.140/; sid:900606991; rev:1;)
alert tcp $HOME_NET any -> [103.80.54.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.80.54.34/; sid:900606992; rev:1;)
alert tcp $HOME_NET any -> [177.86.90.105] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.86.90.105/; sid:900606993; rev:1;)
alert tcp $HOME_NET any -> [61.19.116.53] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.19.116.53/; sid:900606994; rev:1;)
alert tcp $HOME_NET any -> [91.234.132.24] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.234.132.24/; sid:900606995; rev:1;)
alert tcp $HOME_NET any -> [185.23.110.114] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.23.110.114/; sid:900606996; rev:1;)
alert tcp $HOME_NET any -> [95.178.35.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.178.35.162/; sid:900606997; rev:1;)
alert tcp $HOME_NET any -> [203.173.94.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.173.94.162/; sid:900606998; rev:1;)
alert tcp $HOME_NET any -> [136.228.129.179] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.228.129.179/; sid:900606999; rev:1;)
alert tcp $HOME_NET any -> [86.173.96.126] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.173.96.126/; sid:900607000; rev:1;)
alert tcp $HOME_NET any -> [177.37.161.136] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.37.161.136/; sid:900607001; rev:1;)
alert tcp $HOME_NET any -> [202.58.199.82] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.58.199.82/; sid:900607002; rev:1;)
alert tcp $HOME_NET any -> [88.148.122.16] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.148.122.16/; sid:900607003; rev:1;)
alert tcp $HOME_NET any -> [109.177.30.138] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.177.30.138/; sid:900607004; rev:1;)
alert tcp $HOME_NET any -> [103.255.73.146] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.255.73.146/; sid:900607005; rev:1;)
alert tcp $HOME_NET any -> [177.138.142.97] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.138.142.97/; sid:900607006; rev:1;)
alert tcp $HOME_NET any -> [191.36.151.129] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.36.151.129/; sid:900607007; rev:1;)
alert tcp $HOME_NET any -> [43.225.69.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.225.69.20/; sid:900607008; rev:1;)
alert tcp $HOME_NET any -> [181.112.49.170] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.112.49.170/; sid:900607009; rev:1;)
alert tcp $HOME_NET any -> [43.246.138.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.246.138.162/; sid:900607010; rev:1;)
alert tcp $HOME_NET any -> [200.201.185.194] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.201.185.194/; sid:900607011; rev:1;)
alert tcp $HOME_NET any -> [95.178.38.68] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.178.38.68/; sid:900607012; rev:1;)
alert tcp $HOME_NET any -> [171.235.33.211] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.235.33.211/; sid:900607013; rev:1;)
alert tcp $HOME_NET any -> [95.110.160.239] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.110.160.239/; sid:900607014; rev:1;)
alert tcp $HOME_NET any -> [198.61.167.176] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.61.167.176/; sid:900607015; rev:1;)
alert tcp $HOME_NET any -> [167.86.83.205] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.86.83.205/; sid:900607016; rev:1;)
alert tcp $HOME_NET any -> [5.196.213.55] 808 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.213.55/; sid:900607017; rev:1;)
alert tcp $HOME_NET any -> [72.252.147.208] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.147.208/; sid:900607019; rev:1;)
alert tcp $HOME_NET any -> [88.234.20.155] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.234.20.155/; sid:900607020; rev:1;)
alert tcp $HOME_NET any -> [72.252.147.208] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.147.208/; sid:900607021; rev:1;)
alert tcp $HOME_NET any -> [189.147.225.12] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.147.225.12/; sid:900607022; rev:1;)
alert tcp $HOME_NET any -> [181.4.49.208] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.4.49.208/; sid:900607023; rev:1;)
alert tcp $HOME_NET any -> [83.223.164.163] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.223.164.163/; sid:900607024; rev:1;)
alert tcp $HOME_NET any -> [75.67.192.125] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.67.192.125/; sid:900607025; rev:1;)
alert tcp $HOME_NET any -> [41.37.243.129] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.37.243.129/; sid:900607026; rev:1;)
alert tcp $HOME_NET any -> [103.143.8.71] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.143.8.71/; sid:900607027; rev:1;)
alert tcp $HOME_NET any -> [129.208.156.253] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.156.253/; sid:900607028; rev:1;)
alert tcp $HOME_NET any -> [78.153.126.175] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.153.126.175/; sid:900607029; rev:1;)
alert tcp $HOME_NET any -> [5.44.57.191] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.44.57.191/; sid:900607031; rev:1;)
alert tcp $HOME_NET any -> [24.32.202.68] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.32.202.68/; sid:900607033; rev:1;)
alert tcp $HOME_NET any -> [102.65.38.57] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.65.38.57/; sid:900607034; rev:1;)
alert tcp $HOME_NET any -> [162.33.177.74] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.74/; sid:900607036; rev:1;)
alert tcp $HOME_NET any -> [220.255.25.187] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.255.25.187/; sid:900607041; rev:1;)
alert tcp $HOME_NET any -> [111.250.56.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.250.56.31/; sid:900607042; rev:1;)
alert tcp $HOME_NET any -> [109.177.77.68] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.177.77.68/; sid:900607043; rev:1;)
alert tcp $HOME_NET any -> [181.118.183.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.31/; sid:900607044; rev:1;)
alert tcp $HOME_NET any -> [187.121.88.3] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.121.88.3/; sid:900607045; rev:1;)
alert tcp $HOME_NET any -> [188.27.119.243] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.27.119.243/; sid:900607046; rev:1;)
alert tcp $HOME_NET any -> [103.116.178.85] 61200 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.116.178.85/; sid:900607050; rev:1;)
alert tcp $HOME_NET any -> [5.9.14.91] 10933 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.9.14.91/; sid:900607051; rev:1;)
alert tcp $HOME_NET any -> [209.210.95.228] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.210.95.228/; sid:900607052; rev:1;)
alert tcp $HOME_NET any -> [45.184.36.10] 8172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.184.36.10/; sid:900607053; rev:1;)
alert tcp $HOME_NET any -> [173.249.28.143] 808 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.249.28.143/; sid:900607054; rev:1;)
alert tcp $HOME_NET any -> [103.8.26.102] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.8.26.102/; sid:900607055; rev:1;)
alert tcp $HOME_NET any -> [103.8.26.103] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.8.26.103/; sid:900607056; rev:1;)
alert tcp $HOME_NET any -> [188.93.125.116] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.93.125.116/; sid:900607057; rev:1;)
alert tcp $HOME_NET any -> [45.76.176.10] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.76.176.10/; sid:900607058; rev:1;)
alert tcp $HOME_NET any -> [66.42.55.5] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.42.55.5/; sid:900607059; rev:1;)
alert tcp $HOME_NET any -> [81.0.236.93] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.0.236.93/; sid:900607060; rev:1;)
alert tcp $HOME_NET any -> [94.177.248.64] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.248.64/; sid:900607061; rev:1;)
alert tcp $HOME_NET any -> [168.197.250.14] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.197.250.14/; sid:900607062; rev:1;)
alert tcp $HOME_NET any -> [142.4.219.173] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.4.219.173/; sid:900607063; rev:1;)
alert tcp $HOME_NET any -> [185.148.169.10] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.169.10/; sid:900607064; rev:1;)
alert tcp $HOME_NET any -> [196.44.98.190] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.44.98.190/; sid:900607065; rev:1;)
alert tcp $HOME_NET any -> [51.178.61.60] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.178.61.60/; sid:900607066; rev:1;)
alert tcp $HOME_NET any -> [51.210.242.234] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.210.242.234/; sid:900607067; rev:1;)
alert tcp $HOME_NET any -> [177.72.80.14] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.72.80.14/; sid:900607068; rev:1;)
alert tcp $HOME_NET any -> [200.7.198.138] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.7.198.138/; sid:900607069; rev:1;)
alert tcp $HOME_NET any -> [212.175.98.171] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.175.98.171/; sid:900607070; rev:1;)
alert tcp $HOME_NET any -> [51.68.175.8] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.175.8/; sid:900607071; rev:1;)
alert tcp $HOME_NET any -> [210.57.217.132] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.57.217.132/; sid:900607072; rev:1;)
alert tcp $HOME_NET any -> [45.79.33.48] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.33.48/; sid:900607073; rev:1;)
alert tcp $HOME_NET any -> [163.172.50.82] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.172.50.82/; sid:900607076; rev:1;)
alert tcp $HOME_NET any -> [93.188.167.97] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.188.167.97/; sid:900607077; rev:1;)
alert tcp $HOME_NET any -> [103.161.172.108] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.161.172.108/; sid:900607078; rev:1;)
alert tcp $HOME_NET any -> [146.66.139.84] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.66.139.84/; sid:900607079; rev:1;)
alert tcp $HOME_NET any -> [78.191.45.163] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.45.163/; sid:900607081; rev:1;)
alert tcp $HOME_NET any -> [72.252.201.34] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.201.34/; sid:900607082; rev:1;)
alert tcp $HOME_NET any -> [181.118.183.60] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.183.60/; sid:900607083; rev:1;)
alert tcp $HOME_NET any -> [111.250.51.232] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.250.51.232/; sid:900607084; rev:1;)
alert tcp $HOME_NET any -> [86.97.160.193] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.160.193/; sid:900607085; rev:1;)
alert tcp $HOME_NET any -> [189.135.61.226] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.135.61.226/; sid:900607086; rev:1;)
alert tcp $HOME_NET any -> [72.252.201.34] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.252.201.34/; sid:900607087; rev:1;)
alert tcp $HOME_NET any -> [185.184.25.237] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.184.25.237/; sid:900607088; rev:1;)
alert tcp $HOME_NET any -> [202.29.239.161] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.29.239.161/; sid:900607089; rev:1;)
alert tcp $HOME_NET any -> [91.200.186.228] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.200.186.228/; sid:900607090; rev:1;)
alert tcp $HOME_NET any -> [191.252.196.221] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.252.196.221/; sid:900607091; rev:1;)
alert tcp $HOME_NET any -> [62.210.200.63] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.210.200.63/; sid:900607092; rev:1;)
alert tcp $HOME_NET any -> [54.37.70.105] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.70.105/; sid:900607093; rev:1;)
alert tcp $HOME_NET any -> [198.199.70.22] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.70.22/; sid:900607094; rev:1;)
alert tcp $HOME_NET any -> [164.68.99.3] 5007 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.99.3/; sid:900607095; rev:1;)
alert tcp $HOME_NET any -> [142.93.218.86] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.218.86/; sid:900607096; rev:1;)
alert tcp $HOME_NET any -> [31.220.49.39] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.220.49.39/; sid:900607098; rev:1;)
alert tcp $HOME_NET any -> [122.129.203.163] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.129.203.163/; sid:900607099; rev:1;)
alert tcp $HOME_NET any -> [73.171.4.177] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.171.4.177/; sid:900607101; rev:1;)
alert tcp $HOME_NET any -> [186.64.67.17] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.17/; sid:900607102; rev:1;)
alert tcp $HOME_NET any -> [5.189.150.29] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.150.29/; sid:900607103; rev:1;)
alert tcp $HOME_NET any -> [200.127.27.220] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.127.27.220/; sid:900607104; rev:1;)
alert tcp $HOME_NET any -> [5.193.134.177] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.193.134.177/; sid:900607105; rev:1;)
alert tcp $HOME_NET any -> [218.101.110.3] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.101.110.3/; sid:900607106; rev:1;)
alert tcp $HOME_NET any -> [194.36.28.26] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.28.26/; sid:900607107; rev:1;)
alert tcp $HOME_NET any -> [86.173.96.86] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.173.96.86/; sid:900607108; rev:1;)
alert tcp $HOME_NET any -> [87.120.37.231] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.37.231/; sid:900607109; rev:1;)
alert tcp $HOME_NET any -> [164.90.229.209] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.229.209/; sid:900607110; rev:1;)
alert tcp $HOME_NET any -> [162.33.179.46] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.46/; sid:900607111; rev:1;)
alert tcp $HOME_NET any -> [162.33.178.121] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.121/; sid:900607112; rev:1;)
alert tcp $HOME_NET any -> [162.33.178.65] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.65/; sid:900607113; rev:1;)
alert tcp $HOME_NET any -> [162.33.179.16] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.16/; sid:900607114; rev:1;)
alert tcp $HOME_NET any -> [162.33.178.137] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.137/; sid:900607115; rev:1;)
alert tcp $HOME_NET any -> [162.33.177.123] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.123/; sid:900607116; rev:1;)
alert tcp $HOME_NET any -> [162.33.179.12] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.12/; sid:900607117; rev:1;)
alert tcp $HOME_NET any -> [162.33.177.90] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.90/; sid:900607118; rev:1;)
alert tcp $HOME_NET any -> [162.33.179.213] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.213/; sid:900607119; rev:1;)
alert tcp $HOME_NET any -> [31.13.195.145] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.145/; sid:900607120; rev:1;)
alert tcp $HOME_NET any -> [162.33.179.144] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.144/; sid:900607121; rev:1;)
alert tcp $HOME_NET any -> [162.33.179.253] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.253/; sid:900607122; rev:1;)
alert tcp $HOME_NET any -> [162.33.177.25] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.25/; sid:900607124; rev:1;)
alert tcp $HOME_NET any -> [91.92.109.10] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.10/; sid:900607125; rev:1;)
alert tcp $HOME_NET any -> [91.92.109.73] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.73/; sid:900607126; rev:1;)
alert tcp $HOME_NET any -> [161.35.205.250] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.35.205.250/; sid:900607127; rev:1;)
alert tcp $HOME_NET any -> [164.90.174.188] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.174.188/; sid:900607128; rev:1;)
alert tcp $HOME_NET any -> [164.90.166.155] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.166.155/; sid:900607129; rev:1;)
alert tcp $HOME_NET any -> [161.35.195.78] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.35.195.78/; sid:900607130; rev:1;)
alert tcp $HOME_NET any -> [64.225.98.255] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.225.98.255/; sid:900607131; rev:1;)
alert tcp $HOME_NET any -> [162.33.178.131] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.131/; sid:900607132; rev:1;)
alert tcp $HOME_NET any -> [162.33.178.246] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.246/; sid:900607133; rev:1;)
alert tcp $HOME_NET any -> [162.33.178.119] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.119/; sid:900607134; rev:1;)
alert tcp $HOME_NET any -> [159.223.30.253] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.223.30.253/; sid:900607135; rev:1;)
alert tcp $HOME_NET any -> [46.101.144.128] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.144.128/; sid:900607136; rev:1;)
alert tcp $HOME_NET any -> [64.225.98.197] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.225.98.197/; sid:900607137; rev:1;)
alert tcp $HOME_NET any -> [162.33.178.237] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.237/; sid:900607138; rev:1;)
alert tcp $HOME_NET any -> [167.99.242.155] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.99.242.155/; sid:900607139; rev:1;)
alert tcp $HOME_NET any -> [162.33.179.2] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.2/; sid:900607140; rev:1;)
alert tcp $HOME_NET any -> [162.33.177.152] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.152/; sid:900607141; rev:1;)
alert tcp $HOME_NET any -> [162.33.177.178] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.178/; sid:900607142; rev:1;)
alert tcp $HOME_NET any -> [164.90.191.46] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.191.46/; sid:900607143; rev:1;)
alert tcp $HOME_NET any -> [162.33.177.158] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.158/; sid:900607144; rev:1;)
alert tcp $HOME_NET any -> [162.33.179.237] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.237/; sid:900607145; rev:1;)
alert tcp $HOME_NET any -> [149.28.98.49] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.98.49/; sid:900607146; rev:1;)
alert tcp $HOME_NET any -> [45.63.108.27] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.108.27/; sid:900607147; rev:1;)
alert tcp $HOME_NET any -> [206.188.196.201] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.188.196.201/; sid:900607148; rev:1;)
alert tcp $HOME_NET any -> [162.33.178.179] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.179/; sid:900607149; rev:1;)
alert tcp $HOME_NET any -> [162.33.179.210] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.210/; sid:900607150; rev:1;)
alert tcp $HOME_NET any -> [51.178.186.134] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.178.186.134/; sid:900607151; rev:1;)
alert tcp $HOME_NET any -> [51.91.142.158] 80 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.91.142.158/; sid:900607152; rev:1;)
alert tcp $HOME_NET any -> [178.79.144.87] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.79.144.87/; sid:900607153; rev:1;)
alert tcp $HOME_NET any -> [104.130.140.69] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.130.140.69/; sid:900607154; rev:1;)
alert tcp $HOME_NET any -> [51.79.205.117] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.79.205.117/; sid:900607155; rev:1;)
alert tcp $HOME_NET any -> [185.85.17.16] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.85.17.16/; sid:900607157; rev:1;)
alert tcp $HOME_NET any -> [50.21.183.143] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.21.183.143/; sid:900607158; rev:1;)
alert tcp $HOME_NET any -> [185.99.2.197] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.197/; sid:900607159; rev:1;)
alert tcp $HOME_NET any -> [75.188.35.168] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.188.35.168/; sid:900607160; rev:1;)
alert tcp $HOME_NET any -> [103.36.126.221] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.36.126.221/; sid:900607162; rev:1;)
alert tcp $HOME_NET any -> [117.220.229.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.220.229.162/; sid:900607163; rev:1;)
alert tcp $HOME_NET any -> [14.102.188.227] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.102.188.227/; sid:900607164; rev:1;)
alert tcp $HOME_NET any -> [45.116.106.45] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.116.106.45/; sid:900607165; rev:1;)
alert tcp $HOME_NET any -> [110.172.137.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.172.137.20/; sid:900607167; rev:1;)
alert tcp $HOME_NET any -> [144.91.110.219] 9217 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.110.219/; sid:900607168; rev:1;)
alert tcp $HOME_NET any -> [86.107.98.232] 8333 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.107.98.232/; sid:900607169; rev:1;)
alert tcp $HOME_NET any -> [188.165.214.166] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.214.166/; sid:900607170; rev:1;)
alert tcp $HOME_NET any -> [67.207.95.35] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.207.95.35/; sid:900607171; rev:1;)
alert tcp $HOME_NET any -> [129.208.184.37] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.184.37/; sid:900607172; rev:1;)
alert tcp $HOME_NET any -> [187.121.105.111] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.121.105.111/; sid:900607173; rev:1;)
alert tcp $HOME_NET any -> [111.250.0.147] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.250.0.147/; sid:900607174; rev:1;)
alert tcp $HOME_NET any -> [67.205.162.68] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.205.162.68/; sid:900607175; rev:1;)
alert tcp $HOME_NET any -> [31.220.49.39] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.220.49.39/; sid:900607176; rev:1;)
alert tcp $HOME_NET any -> [117.198.148.180] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.198.148.180/; sid:900607177; rev:1;)
alert tcp $HOME_NET any -> [78.191.52.30] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.191.52.30/; sid:900607178; rev:1;)
alert tcp $HOME_NET any -> [111.250.29.21] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.250.29.21/; sid:900607180; rev:1;)
alert tcp $HOME_NET any -> [39.49.95.46] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.49.95.46/; sid:900607181; rev:1;)
alert tcp $HOME_NET any -> [176.63.117.1] 22 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.63.117.1/; sid:900607182; rev:1;)
alert tcp $HOME_NET any -> [187.192.70.222] 80 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.70.222/; sid:900607183; rev:1;)
alert tcp $HOME_NET any -> [207.154.241.38] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.154.241.38/; sid:900607184; rev:1;)
alert tcp $HOME_NET any -> [167.99.243.36] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.99.243.36/; sid:900607185; rev:1;)
alert tcp $HOME_NET any -> [164.90.223.1] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.223.1/; sid:900607186; rev:1;)
alert tcp $HOME_NET any -> [164.90.223.38] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.223.38/; sid:900607187; rev:1;)
alert tcp $HOME_NET any -> [104.248.16.136] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.248.16.136/; sid:900607188; rev:1;)
alert tcp $HOME_NET any -> [164.90.223.13] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.223.13/; sid:900607189; rev:1;)
alert tcp $HOME_NET any -> [64.227.114.0] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.227.114.0/; sid:900607190; rev:1;)
alert tcp $HOME_NET any -> [167.172.165.125] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.172.165.125/; sid:900607191; rev:1;)
alert tcp $HOME_NET any -> [142.93.99.249] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.99.249/; sid:900607192; rev:1;)
alert tcp $HOME_NET any -> [134.209.240.181] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.240.181/; sid:900607193; rev:1;)
alert tcp $HOME_NET any -> [46.101.158.148] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.158.148/; sid:900607194; rev:1;)
alert tcp $HOME_NET any -> [164.90.237.7] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.237.7/; sid:900607195; rev:1;)
alert tcp $HOME_NET any -> [165.22.83.25] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.22.83.25/; sid:900607196; rev:1;)
alert tcp $HOME_NET any -> [167.172.101.84] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.172.101.84/; sid:900607197; rev:1;)
alert tcp $HOME_NET any -> [167.172.160.45] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.172.160.45/; sid:900607198; rev:1;)
alert tcp $HOME_NET any -> [206.81.23.138] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.81.23.138/; sid:900607199; rev:1;)
alert tcp $HOME_NET any -> [68.183.65.211] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.65.211/; sid:900607200; rev:1;)
alert tcp $HOME_NET any -> [161.35.223.199] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.35.223.199/; sid:900607201; rev:1;)
alert tcp $HOME_NET any -> [161.35.70.100] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.35.70.100/; sid:900607202; rev:1;)
alert tcp $HOME_NET any -> [164.90.229.166] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.229.166/; sid:900607203; rev:1;)
alert tcp $HOME_NET any -> [134.122.88.142] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.122.88.142/; sid:900607204; rev:1;)
alert tcp $HOME_NET any -> [165.232.65.245] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.232.65.245/; sid:900607205; rev:1;)
alert tcp $HOME_NET any -> [64.227.118.34] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.227.118.34/; sid:900607206; rev:1;)
alert tcp $HOME_NET any -> [165.227.162.47] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.162.47/; sid:900607207; rev:1;)
alert tcp $HOME_NET any -> [164.90.187.171] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.187.171/; sid:900607208; rev:1;)
alert tcp $HOME_NET any -> [164.90.187.236] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.187.236/; sid:900607209; rev:1;)
alert tcp $HOME_NET any -> [164.90.187.244] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.187.244/; sid:900607210; rev:1;)
alert tcp $HOME_NET any -> [134.122.76.123] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.122.76.123/; sid:900607211; rev:1;)
alert tcp $HOME_NET any -> [134.122.76.178] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.122.76.178/; sid:900607212; rev:1;)
alert tcp $HOME_NET any -> [46.101.160.136] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.160.136/; sid:900607213; rev:1;)
alert tcp $HOME_NET any -> [46.101.200.191] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.200.191/; sid:900607214; rev:1;)
alert tcp $HOME_NET any -> [164.90.187.203] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.187.203/; sid:900607215; rev:1;)
alert tcp $HOME_NET any -> [164.90.187.241] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.187.241/; sid:900607216; rev:1;)
alert tcp $HOME_NET any -> [164.90.187.209] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.187.209/; sid:900607217; rev:1;)
alert tcp $HOME_NET any -> [164.90.221.57] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.221.57/; sid:900607218; rev:1;)
alert tcp $HOME_NET any -> [164.90.235.239] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.235.239/; sid:900607219; rev:1;)
alert tcp $HOME_NET any -> [165.232.78.100] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.232.78.100/; sid:900607220; rev:1;)
alert tcp $HOME_NET any -> [64.227.122.248] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.227.122.248/; sid:900607221; rev:1;)
alert tcp $HOME_NET any -> [164.90.175.226] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.175.226/; sid:900607222; rev:1;)
alert tcp $HOME_NET any -> [164.90.219.254] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.219.254/; sid:900607223; rev:1;)
alert tcp $HOME_NET any -> [206.81.27.39] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.81.27.39/; sid:900607224; rev:1;)
alert tcp $HOME_NET any -> [134.122.76.75] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.122.76.75/; sid:900607225; rev:1;)
alert tcp $HOME_NET any -> [164.90.213.219] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.213.219/; sid:900607226; rev:1;)
alert tcp $HOME_NET any -> [164.90.213.227] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.213.227/; sid:900607227; rev:1;)
alert tcp $HOME_NET any -> [159.223.21.94] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.223.21.94/; sid:900607228; rev:1;)
alert tcp $HOME_NET any -> [164.90.215.60] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.215.60/; sid:900607229; rev:1;)
alert tcp $HOME_NET any -> [64.227.116.94] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.227.116.94/; sid:900607230; rev:1;)
alert tcp $HOME_NET any -> [164.90.239.161] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.239.161/; sid:900607231; rev:1;)
alert tcp $HOME_NET any -> [91.92.109.170] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.170/; sid:900607232; rev:1;)
alert tcp $HOME_NET any -> [91.92.109.169] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.169/; sid:900607233; rev:1;)
alert tcp $HOME_NET any -> [91.92.109.138] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.138/; sid:900607234; rev:1;)
alert tcp $HOME_NET any -> [31.13.195.108] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.108/; sid:900607235; rev:1;)
alert tcp $HOME_NET any -> [91.92.109.136] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.136/; sid:900607236; rev:1;)
alert tcp $HOME_NET any -> [87.120.254.51] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.51/; sid:900607237; rev:1;)
alert tcp $HOME_NET any -> [87.120.254.178] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.178/; sid:900607238; rev:1;)
alert tcp $HOME_NET any -> [87.120.254.67] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.67/; sid:900607239; rev:1;)
alert tcp $HOME_NET any -> [87.121.52.230] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.230/; sid:900607240; rev:1;)
alert tcp $HOME_NET any -> [87.120.37.77] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.37.77/; sid:900607241; rev:1;)
alert tcp $HOME_NET any -> [87.120.8.109] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.109/; sid:900607242; rev:1;)
alert tcp $HOME_NET any -> [87.120.8.245] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.245/; sid:900607243; rev:1;)
alert tcp $HOME_NET any -> [31.13.195.129] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.129/; sid:900607244; rev:1;)
alert tcp $HOME_NET any -> [87.121.52.247] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.247/; sid:900607245; rev:1;)
alert tcp $HOME_NET any -> [91.92.109.189] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.189/; sid:900607246; rev:1;)
alert tcp $HOME_NET any -> [31.13.195.32] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.32/; sid:900607247; rev:1;)
alert tcp $HOME_NET any -> [87.121.52.192] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.192/; sid:900607248; rev:1;)
alert tcp $HOME_NET any -> [87.120.37.183] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.37.183/; sid:900607249; rev:1;)
alert tcp $HOME_NET any -> [87.120.254.158] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.158/; sid:900607250; rev:1;)
alert tcp $HOME_NET any -> [87.120.254.234] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.234/; sid:900607251; rev:1;)
alert tcp $HOME_NET any -> [185.158.249.238] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.158.249.238/; sid:900607252; rev:1;)
alert tcp $HOME_NET any -> [87.120.254.252] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.252/; sid:900607253; rev:1;)
alert tcp $HOME_NET any -> [87.121.52.173] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.121.52.173/; sid:900607254; rev:1;)
alert tcp $HOME_NET any -> [87.120.254.6] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.6/; sid:900607255; rev:1;)
alert tcp $HOME_NET any -> [31.13.195.13] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.13/; sid:900607256; rev:1;)
alert tcp $HOME_NET any -> [170.130.55.98] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.130.55.98/; sid:900607257; rev:1;)
alert tcp $HOME_NET any -> [87.120.254.96] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.254.96/; sid:900607258; rev:1;)
alert tcp $HOME_NET any -> [87.120.8.177] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.177/; sid:900607259; rev:1;)
alert tcp $HOME_NET any -> [87.120.8.241] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.241/; sid:900607260; rev:1;)
alert tcp $HOME_NET any -> [87.120.8.171] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.171/; sid:900607261; rev:1;)
alert tcp $HOME_NET any -> [91.92.109.14] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.109.14/; sid:900607262; rev:1;)
alert tcp $HOME_NET any -> [87.120.8.112] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.112/; sid:900607263; rev:1;)
alert tcp $HOME_NET any -> [87.120.8.101] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.101/; sid:900607264; rev:1;)
alert tcp $HOME_NET any -> [134.122.64.170] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.122.64.170/; sid:900607265; rev:1;)
alert tcp $HOME_NET any -> [164.90.215.29] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.215.29/; sid:900607266; rev:1;)
alert tcp $HOME_NET any -> [165.232.68.221] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.232.68.221/; sid:900607267; rev:1;)
alert tcp $HOME_NET any -> [159.89.6.29] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.89.6.29/; sid:900607268; rev:1;)
alert tcp $HOME_NET any -> [165.232.78.45] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.232.78.45/; sid:900607269; rev:1;)
alert tcp $HOME_NET any -> [164.90.183.223] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.183.223/; sid:900607270; rev:1;)
alert tcp $HOME_NET any -> [87.120.37.122] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.37.122/; sid:900607271; rev:1;)
alert tcp $HOME_NET any -> [87.120.8.170] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.120.8.170/; sid:900607272; rev:1;)
alert tcp $HOME_NET any -> [31.13.195.152] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.13.195.152/; sid:900607273; rev:1;)
alert tcp $HOME_NET any -> [162.33.179.71] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.71/; sid:900607274; rev:1;)
alert tcp $HOME_NET any -> [162.33.178.153] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.153/; sid:900607275; rev:1;)
alert tcp $HOME_NET any -> [162.33.178.139] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.139/; sid:900607276; rev:1;)
alert tcp $HOME_NET any -> [162.33.177.219] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.219/; sid:900607277; rev:1;)
alert tcp $HOME_NET any -> [162.33.178.248] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.248/; sid:900607278; rev:1;)
alert tcp $HOME_NET any -> [162.33.179.96] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.96/; sid:900607279; rev:1;)
alert tcp $HOME_NET any -> [162.33.179.99] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.99/; sid:900607280; rev:1;)
alert tcp $HOME_NET any -> [162.33.179.240] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.240/; sid:900607281; rev:1;)
alert tcp $HOME_NET any -> [45.61.136.128] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.61.136.128/; sid:900607282; rev:1;)
alert tcp $HOME_NET any -> [167.71.11.125] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.71.11.125/; sid:900607283; rev:1;)
alert tcp $HOME_NET any -> [86.123.105.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.123.105.31/; sid:900607284; rev:1;)
alert tcp $HOME_NET any -> [185.148.168.15] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.148.168.15/; sid:900607285; rev:1;)
alert tcp $HOME_NET any -> [107.170.4.227] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.170.4.227/; sid:900607286; rev:1;)
alert tcp $HOME_NET any -> [64.251.25.156] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.251.25.156/; sid:900607287; rev:1;)
alert tcp $HOME_NET any -> [178.128.222.53] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.222.53/; sid:900607288; rev:1;)
alert tcp $HOME_NET any -> [39.33.218.78] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.33.218.78/; sid:900607289; rev:1;)
alert tcp $HOME_NET any -> [162.33.177.88] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.88/; sid:900607290; rev:1;)
alert tcp $HOME_NET any -> [162.33.179.53] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.53/; sid:900607291; rev:1;)
alert tcp $HOME_NET any -> [41.76.108.46] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.76.108.46/; sid:900607292; rev:1;)
alert tcp $HOME_NET any -> [188.165.214.166] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.214.166/; sid:900607294; rev:1;)
alert tcp $HOME_NET any -> [117.54.140.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.54.140.98/; sid:900607295; rev:1;)
alert tcp $HOME_NET any -> [188.40.33.77] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.40.33.77/; sid:900607296; rev:1;)
alert tcp $HOME_NET any -> [45.63.36.79] 8194 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.36.79/; sid:900607297; rev:1;)
alert tcp $HOME_NET any -> [45.79.80.198] 9676 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.80.198/; sid:900607298; rev:1;)
alert tcp $HOME_NET any -> [162.33.178.12] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.12/; sid:900607299; rev:1;)
alert tcp $HOME_NET any -> [217.165.237.42] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.237.42/; sid:900607300; rev:1;)
alert tcp $HOME_NET any -> [162.33.179.245] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.245/; sid:900607301; rev:1;)
alert tcp $HOME_NET any -> [162.33.177.217] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.217/; sid:900607302; rev:1;)
alert tcp $HOME_NET any -> [162.33.178.20] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.20/; sid:900607303; rev:1;)
alert tcp $HOME_NET any -> [162.33.179.67] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.67/; sid:900607304; rev:1;)
alert tcp $HOME_NET any -> [27.5.4.111] 2222 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.5.4.111/; sid:900607305; rev:1;)
alert tcp $HOME_NET any -> [189.135.21.162] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.135.21.162/; sid:900607306; rev:1;)
alert tcp $HOME_NET any -> [189.147.174.121] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.147.174.121/; sid:900607307; rev:1;)
alert tcp $HOME_NET any -> [86.97.10.14] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.10.14/; sid:900607308; rev:1;)
alert tcp $HOME_NET any -> [51.68.138.110] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.138.110/; sid:900607309; rev:1;)
alert tcp $HOME_NET any -> [23.253.208.162] 9217 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.253.208.162/; sid:900607310; rev:1;)
alert tcp $HOME_NET any -> [206.189.150.190] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.189.150.190/; sid:900607311; rev:1;)
alert tcp $HOME_NET any -> [103.109.247.10] 10443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.109.247.10/; sid:900607312; rev:1;)
alert tcp $HOME_NET any -> [200.114.247.160] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.114.247.160/; sid:900607313; rev:1;)
alert tcp $HOME_NET any -> [162.33.177.229] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.229/; sid:900607315; rev:1;)
alert tcp $HOME_NET any -> [162.33.178.49] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.49/; sid:900607316; rev:1;)
alert tcp $HOME_NET any -> [174.20.72.123] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.20.72.123/; sid:900607318; rev:1;)
alert tcp $HOME_NET any -> [117.198.156.228] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.198.156.228/; sid:900607319; rev:1;)
alert tcp $HOME_NET any -> [45.63.5.129] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.5.129/; sid:900607321; rev:1;)
alert tcp $HOME_NET any -> [128.199.192.135] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.192.135/; sid:900607322; rev:1;)
alert tcp $HOME_NET any -> [46.55.222.11] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.55.222.11/; sid:900607323; rev:1;)
alert tcp $HOME_NET any -> [104.245.52.73] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.245.52.73/; sid:900607324; rev:1;)
alert tcp $HOME_NET any -> [62.171.184.244] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.171.184.244/; sid:900607325; rev:1;)
alert tcp $HOME_NET any -> [62.210.82.223] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.210.82.223/; sid:900607326; rev:1;)
alert tcp $HOME_NET any -> [142.93.66.245] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.66.245/; sid:900607327; rev:1;)
alert tcp $HOME_NET any -> [119.59.125.140] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.59.125.140/; sid:900607328; rev:1;)
alert tcp $HOME_NET any -> [81.223.127.86] 10172 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.223.127.86/; sid:900607329; rev:1;)
alert tcp $HOME_NET any -> [186.64.67.31] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.67.31/; sid:900607330; rev:1;)
alert tcp $HOME_NET any -> [189.135.34.124] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.135.34.124/; sid:900607331; rev:1;)
alert tcp $HOME_NET any -> [129.208.154.145] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.208.154.145/; sid:900607332; rev:1;)
alert tcp $HOME_NET any -> [45.79.248.254] 2222 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.248.254/; sid:900607333; rev:1;)
alert tcp $HOME_NET any -> [94.177.217.88] 808 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.217.88/; sid:900607334; rev:1;)
alert tcp $HOME_NET any -> [144.91.110.55] 3978 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.110.55/; sid:900607335; rev:1;)
alert tcp $HOME_NET any -> [149.56.106.83] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.56.106.83/; sid:900607336; rev:1;)
alert tcp $HOME_NET any -> [185.4.135.165] 5228 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.4.135.165/; sid:900607337; rev:1;)
alert tcp $HOME_NET any -> [78.180.170.159] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.180.170.159/; sid:900607338; rev:1;)
alert tcp $HOME_NET any -> [172.104.227.98] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.104.227.98/; sid:900607339; rev:1;)
alert tcp $HOME_NET any -> [31.207.89.74] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.207.89.74/; sid:900607340; rev:1;)
alert tcp $HOME_NET any -> [162.33.177.194] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.194/; sid:900607341; rev:1;)
alert tcp $HOME_NET any -> [162.33.177.69] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.69/; sid:900607342; rev:1;)
alert tcp $HOME_NET any -> [162.33.177.196] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.196/; sid:900607343; rev:1;)
alert tcp $HOME_NET any -> [162.33.178.35] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.35/; sid:900607344; rev:1;)
alert tcp $HOME_NET any -> [162.33.179.158] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.158/; sid:900607345; rev:1;)
alert tcp $HOME_NET any -> [162.33.178.45] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.45/; sid:900607346; rev:1;)
alert tcp $HOME_NET any -> [189.252.173.60] 32101 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.173.60/; sid:900607347; rev:1;)
alert tcp $HOME_NET any -> [187.121.121.141] 995 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.121.121.141/; sid:900607348; rev:1;)
alert tcp $HOME_NET any -> [181.4.52.159] 465 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.4.52.159/; sid:900607349; rev:1;)
alert tcp $HOME_NET any -> [209.239.112.82] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.239.112.82/; sid:900607350; rev:1;)
alert tcp $HOME_NET any -> [116.124.128.206] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.124.128.206/; sid:900607351; rev:1;)
alert tcp $HOME_NET any -> [51.159.35.157] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.159.35.157/; sid:900607352; rev:1;)
alert tcp $HOME_NET any -> [207.180.228.237] 8081 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.180.228.237/; sid:900607353; rev:1;)
alert tcp $HOME_NET any -> [51.75.33.120] 443 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.33.120/; sid:900607354; rev:1;)
alert tcp $HOME_NET any -> [109.75.64.100] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.75.64.100/; sid:900607355; rev:1;)
alert tcp $HOME_NET any -> [198.27.67.35] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.27.67.35/; sid:900607356; rev:1;)
alert tcp $HOME_NET any -> [104.238.138.234] 7080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.238.138.234/; sid:900607357; rev:1;)
alert tcp $HOME_NET any -> [202.29.237.113] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.29.237.113/; sid:900607358; rev:1;)
alert tcp $HOME_NET any -> [207.210.201.159] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.210.201.159/; sid:900607359; rev:1;)
alert tcp $HOME_NET any -> [164.90.159.54] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.90.159.54/; sid:900607360; rev:1;)
alert tcp $HOME_NET any -> [91.207.181.106] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.207.181.106/; sid:900607361; rev:1;)
alert tcp $HOME_NET any -> [102.177.192.60] 8080 (msg:"Feodo Tracker: potential Emotet CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.177.192.60/; sid:900607362; rev:1;)
alert tcp $HOME_NET any -> [197.89.12.237] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.12.237/; sid:900607363; rev:1;)
alert tcp $HOME_NET any -> [162.33.178.148] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.148/; sid:900607364; rev:1;)
alert tcp $HOME_NET any -> [162.33.177.216] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.216/; sid:900607365; rev:1;)
alert tcp $HOME_NET any -> [162.33.179.50] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.179.50/; sid:900607366; rev:1;)
alert tcp $HOME_NET any -> [162.33.178.97] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.97/; sid:900607367; rev:1;)
alert tcp $HOME_NET any -> [186.64.87.195] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.87.195/; sid:900607369; rev:1;)
alert tcp $HOME_NET any -> [162.33.177.179] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.177.179/; sid:900607370; rev:1;)
alert tcp $HOME_NET any -> [86.190.203.103] 443 (msg:"Feodo Tracker: potential QakBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.190.203.103/; sid:900607371; rev:1;)
alert tcp $HOME_NET any -> [186.250.48.117] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.250.48.117/; sid:900607372; rev:1;)
alert tcp $HOME_NET any -> [92.240.254.110] 6602 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.240.254.110/; sid:900607373; rev:1;)
alert tcp $HOME_NET any -> [129.232.146.250] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.232.146.250/; sid:900607375; rev:1;)
alert tcp $HOME_NET any -> [103.47.60.57] 5228 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.47.60.57/; sid:900607376; rev:1;)
alert tcp $HOME_NET any -> [86.49.161.18] 9043 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.49.161.18/; sid:900607377; rev:1;)
alert tcp $HOME_NET any -> [83.138.53.138] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.138.53.138/; sid:900607378; rev:1;)
alert tcp $HOME_NET any -> [162.33.178.30] 443 (msg:"Feodo Tracker: potential BazarLoader CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.33.178.30/; sid:900607379; rev:1;)
alert tcp $HOME_NET any -> [151.106.39.36] 8116 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.106.39.36/; sid:900607380; rev:1;)
alert tcp $HOME_NET any -> [172.105.78.60] 4664 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.78.60/; sid:900607381; rev:1;)
alert tcp $HOME_NET any -> [23.246.204.126] 443 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.246.204.126/; sid:900607382; rev:1;)
alert tcp $HOME_NET any -> [103.124.144.123] 6891 (msg:"Feodo Tracker: potential Dridex CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.124.144.123/; sid:900607383; rev:1;)
# END 1872 entries