#
# Emerging Threats Botnet Command and Control drop rules. 
#
# These are generated from the EXCELLENT work done by the Shadowserver team and
# the CZ Honeynet project.
#
#  http://www.shadowserver.org
#  http://www.honeynet.cz
#
#
# SID's are 2410000+ to avoid conflicts
#
# More information available at www.emergingthreats.net
#
# Please submit any custom rules or ideas to emerging@emergingthreats.net or the emerging-sigs mailing list
#
#*************************************************************
#
#  Copyright (c) 2003-2010, Emerging Threats
#  All rights reserved.
#  
#  Redistribution and use in source and binary forms, with or without modification, are permitted provided that the 
#  following conditions are met:
#  
#  * Redistributions of source code must retain the above copyright notice, this list of conditions and the following 
#    disclaimer.
#  * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the 
#    following disclaimer in the documentation and/or other materials provided with the distribution.
#  * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived 
#    from this software without specific prior written permission.
#  
#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, 
#  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 
#  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
#  SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 
#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 
#  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
#
#
alert tcp $HOME_NET any <> [109.169.18.86,109.169.40.192,109.196.130.50,109.235.254.251,109.73.162.124,109.74.195.116,109.74.196.127,109.74.200.40,109.74.204.11,109.74.205.10] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 1) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404000; rev:2033;)
alert udp $HOME_NET any <> [109.169.18.86,109.169.40.192,109.196.130.50,109.235.254.251,109.73.162.124,109.74.195.116,109.74.196.127,109.74.200.40,109.74.204.11,109.74.205.10] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 1) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404001; rev:2033;)
alert tcp $HOME_NET any <> [114.113.158.85,114.141.10.71,114.141.10.99,114.207.246.180,115.146.126.26,115.165.178.40,117.121.245.26,118.101.190.59,118.129.166.50,118.217.217.48] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 2) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404002; rev:2033;)
alert udp $HOME_NET any <> [114.113.158.85,114.141.10.71,114.141.10.99,114.207.246.180,115.146.126.26,115.165.178.40,117.121.245.26,118.101.190.59,118.129.166.50,118.217.217.48] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 2) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404003; rev:2033;)
alert tcp $HOME_NET any <> [122.155.6.191,124.217.248.176,124.30.135.161,124.40.3.92,125.160.17.71,125.160.17.72,125.5.112.185,128.121.20.113,128.194.112.48,128.39.2.28] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 3) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404004; rev:2033;)
alert udp $HOME_NET any <> [122.155.6.191,124.217.248.176,124.30.135.161,124.40.3.92,125.160.17.71,125.160.17.72,125.5.112.185,128.121.20.113,128.194.112.48,128.39.2.28] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 3) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404005; rev:2033;)
alert tcp $HOME_NET any <> [128.39.65.230,129.132.80.41,130.104.58.241,130.237.188.216,130.239.18.157,130.240.22.202,137.194.15.141,137.229.242.129,139.175.160.252,139.4.88.86] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 4) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404006; rev:2033;)
alert udp $HOME_NET any <> [128.39.65.230,129.132.80.41,130.104.58.241,130.237.188.216,130.239.18.157,130.240.22.202,137.194.15.141,137.229.242.129,139.175.160.252,139.4.88.86] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 4) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404007; rev:2033;)
alert tcp $HOME_NET any <> [139.91.102.101,140.112.234.254,140.130.142.8,140.211.166.64,143.248.247.248,145.89.150.59,147.102.159.9,147.127.160.120,147.32.105.247,147.32.127.200] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 5) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404008; rev:2033;)
alert udp $HOME_NET any <> [139.91.102.101,140.112.234.254,140.130.142.8,140.211.166.64,143.248.247.248,145.89.150.59,147.102.159.9,147.127.160.120,147.32.105.247,147.32.127.200] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 5) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404009; rev:2033;)
alert tcp $HOME_NET any <> [147.52.181.9,151.189.0.165,157.159.40.167,157.181.161.60,157.22.132.17,158.36.131.20,158.38.8.251,160.228.152.2,161.132.162.136,163.17.167.1] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 6) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404010; rev:2033;)
alert udp $HOME_NET any <> [147.52.181.9,151.189.0.165,157.159.40.167,157.181.161.60,157.22.132.17,158.36.131.20,158.38.8.251,160.228.152.2,161.132.162.136,163.17.167.1] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 6) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404011; rev:2033;)
alert tcp $HOME_NET any <> [163.19.14.2,163.5.42.66,166.84.136.27,168.144.18.200,173.192.235.106,173.203.28.161,173.204.1.116,173.204.1.117,173.208.151.249,173.208.151.65] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 7) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404012; rev:2033;)
alert udp $HOME_NET any <> [163.19.14.2,163.5.42.66,166.84.136.27,168.144.18.200,173.192.235.106,173.203.28.161,173.204.1.116,173.204.1.117,173.208.151.249,173.208.151.65] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 7) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404013; rev:2033;)
alert tcp $HOME_NET any <> [173.208.151.69,173.208.165.91,173.208.34.240,173.208.34.253,173.208.34.74,173.208.34.9,173.208.68.20,173.208.68.21,173.212.192.147,173.224.208.74] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 8) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404014; rev:2033;)
alert udp $HOME_NET any <> [173.208.151.69,173.208.165.91,173.208.34.240,173.208.34.253,173.208.34.74,173.208.34.9,173.208.68.20,173.208.68.21,173.212.192.147,173.224.208.74] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 8) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404015; rev:2033;)
alert tcp $HOME_NET any <> [173.224.219.51,173.224.220.9,173.230.152.54,173.230.155.175,173.236.62.20,173.236.97.41,173.244.200.219,173.244.200.220,173.244.200.229,173.244.73.78] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 9) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404016; rev:2033;)
alert udp $HOME_NET any <> [173.224.219.51,173.224.220.9,173.230.152.54,173.230.155.175,173.236.62.20,173.236.97.41,173.244.200.219,173.244.200.220,173.244.200.229,173.244.73.78] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 9) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404017; rev:2033;)
alert tcp $HOME_NET any <> [173.45.244.47,174.121.157.28,174.129.231.136,174.133.173.90,174.133.57.54,174.133.98.194,174.139.16.131,174.143.119.91,174.143.153.165,174.143.170.208] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 10) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404018; rev:2033;)
alert udp $HOME_NET any <> [173.45.244.47,174.121.157.28,174.129.231.136,174.133.173.90,174.133.57.54,174.133.98.194,174.139.16.131,174.143.119.91,174.143.153.165,174.143.170.208] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 10) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404019; rev:2033;)
alert tcp $HOME_NET any <> [174.143.208.107,174.143.215.13,174.34.175.180,174.34.187.36,175.107.158.176,178.162.176.108,178.216.48.59,178.216.49.100,178.32.92.242,178.33.137.15] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 11) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404020; rev:2033;)
alert udp $HOME_NET any <> [174.143.208.107,174.143.215.13,174.34.175.180,174.34.187.36,175.107.158.176,178.162.176.108,178.216.48.59,178.216.49.100,178.32.92.242,178.33.137.15] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 11) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404021; rev:2033;)
alert tcp $HOME_NET any <> [178.63.145.19,178.63.252.111,178.63.79.74,178.79.134.133,180.210.205.129,184.105.208.121,184.105.208.20,184.106.202.49,184.106.204.243,184.82.33.34] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 12) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404022; rev:2033;)
alert udp $HOME_NET any <> [178.63.145.19,178.63.252.111,178.63.79.74,178.79.134.133,180.210.205.129,184.105.208.121,184.105.208.20,184.106.202.49,184.106.204.243,184.82.33.34] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 12) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404023; rev:2033;)
alert tcp $HOME_NET any <> [184.82.37.136,188.138.55.64,188.165.164.16,188.165.164.199,188.165.164.29,188.165.164.50,188.165.47.211,188.165.69.151,188.165.74.80,188.165.75.174] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 13) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404024; rev:2033;)
alert udp $HOME_NET any <> [184.82.37.136,188.138.55.64,188.165.164.16,188.165.164.199,188.165.164.29,188.165.164.50,188.165.47.211,188.165.69.151,188.165.74.80,188.165.75.174] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 13) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404025; rev:2033;)
alert tcp $HOME_NET any <> [188.40.133.182,188.40.187.177,188.40.40.138,188.65.49.11,188.72.203.177,188.72.203.186,188.72.203.236,188.72.203.237,188.72.205.52,188.72.211.203] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 14) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404026; rev:2033;)
alert udp $HOME_NET any <> [188.40.133.182,188.40.187.177,188.40.40.138,188.65.49.11,188.72.203.177,188.72.203.186,188.72.203.236,188.72.203.237,188.72.205.52,188.72.211.203] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 14) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404027; rev:2033;)
alert tcp $HOME_NET any <> [188.72.216.21,188.72.230.254,189.114.212.130,189.19.241.193,189.74.8.98,189.75.179.204,190.120.227.36,190.120.228.216,190.120.230.108,190.120.230.28] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 15) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404028; rev:2033;)
alert udp $HOME_NET any <> [188.72.216.21,188.72.230.254,189.114.212.130,189.19.241.193,189.74.8.98,189.75.179.204,190.120.227.36,190.120.228.216,190.120.230.108,190.120.230.28] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 15) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404029; rev:2033;)
alert tcp $HOME_NET any <> [190.120.238.63,190.121.98.152,190.246.79.15,190.247.244.24,190.255.46.171,192.219.30.200,192.75.207.148,193.104.35.224,193.107.16.123,193.107.16.208] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 16) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404030; rev:2033;)
alert udp $HOME_NET any <> [190.120.238.63,190.121.98.152,190.246.79.15,190.247.244.24,190.255.46.171,192.219.30.200,192.75.207.148,193.104.35.224,193.107.16.123,193.107.16.208] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 16) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404031; rev:2033;)
alert tcp $HOME_NET any <> [193.136.14.185,193.136.216.101,193.138.229.18,193.188.71.66,193.19.210.1,193.27.229.245,193.33.186.129,193.33.186.133,193.34.69.109,193.41.200.151] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 17) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404032; rev:2033;)
alert udp $HOME_NET any <> [193.136.14.185,193.136.216.101,193.138.229.18,193.188.71.66,193.19.210.1,193.27.229.245,193.33.186.129,193.33.186.133,193.34.69.109,193.41.200.151] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 17) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404033; rev:2033;)
alert tcp $HOME_NET any <> [193.68.150.140,193.71.194.17,193.71.199.6,193.85.232.219,193.88.14.99,194.109.129.222,194.109.20.90,194.109.206.106,194.109.206.107,194.109.64.131] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 18) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404034; rev:2033;)
alert udp $HOME_NET any <> [193.68.150.140,193.71.194.17,193.71.199.6,193.85.232.219,193.88.14.99,194.109.129.222,194.109.20.90,194.109.206.106,194.109.206.107,194.109.64.131] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 18) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404035; rev:2033;)
alert tcp $HOME_NET any <> [194.116.175.230,194.117.246.5,194.124.229.58,194.124.229.59,194.126.217.2,194.135.22.24,194.146.132.68,194.149.73.154,194.149.73.161,194.149.73.55] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 19) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404036; rev:2033;)
alert udp $HOME_NET any <> [194.116.175.230,194.117.246.5,194.124.229.58,194.124.229.59,194.126.217.2,194.135.22.24,194.146.132.68,194.149.73.154,194.149.73.161,194.149.73.55] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 19) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404037; rev:2033;)
alert tcp $HOME_NET any <> [194.149.73.80,194.151.83.115,194.199.165.9,194.204.14.151,194.225.75.26,194.30.220.85,194.71.109.236,195.110.9.187,195.13.58.57,195.14.157.58] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 20) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404038; rev:2033;)
alert udp $HOME_NET any <> [194.149.73.80,194.151.83.115,194.199.165.9,194.204.14.151,194.225.75.26,194.30.220.85,194.71.109.236,195.110.9.187,195.13.58.57,195.14.157.58] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 20) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404039; rev:2033;)
alert tcp $HOME_NET any <> [195.140.202.142,195.169.138.124,195.178.184.75,195.19.104.14,195.19.225.237,195.2.117.33,195.210.181.100,195.22.37.163,195.222.70.238,195.225.204.134] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 21) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404040; rev:2033;)
alert udp $HOME_NET any <> [195.140.202.142,195.169.138.124,195.178.184.75,195.19.104.14,195.19.225.237,195.2.117.33,195.210.181.100,195.22.37.163,195.222.70.238,195.225.204.134] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 21) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404041; rev:2033;)
alert tcp $HOME_NET any <> [195.225.204.21,195.225.204.227,195.23.131.68,195.251.123.232,195.28.165.168,195.28.165.201,195.28.191.146,195.43.138.206,195.50.191.12,195.50.191.14] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 22) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404042; rev:2033;)
alert udp $HOME_NET any <> [195.225.204.21,195.225.204.227,195.23.131.68,195.251.123.232,195.28.165.168,195.28.165.201,195.28.191.146,195.43.138.206,195.50.191.12,195.50.191.14] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 22) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404043; rev:2033;)
alert tcp $HOME_NET any <> [195.54.159.109,195.54.16.65,195.68.206.250,195.70.51.164,195.8.250.180,195.8.251.35,195.85.200.10,195.85.200.11,195.85.200.12,195.85.200.13] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 23) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404044; rev:2033;)
alert udp $HOME_NET any <> [195.54.159.109,195.54.16.65,195.68.206.250,195.70.51.164,195.8.250.180,195.8.251.35,195.85.200.10,195.85.200.11,195.85.200.12,195.85.200.13] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 23) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404045; rev:2033;)
alert tcp $HOME_NET any <> [195.85.200.14,195.85.200.15,195.85.200.16,195.88.32.64,195.93.153.31,195.93.153.39,195.93.153.46,196.2.17.10,196.21.193.11,196.34.88.5] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 24) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404046; rev:2033;)
alert udp $HOME_NET any <> [195.85.200.14,195.85.200.15,195.85.200.16,195.88.32.64,195.93.153.31,195.93.153.39,195.93.153.46,196.2.17.10,196.21.193.11,196.34.88.5] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 24) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404047; rev:2033;)
alert tcp $HOME_NET any <> [198.104.53.32,198.252.144.2,198.252.195.2,198.3.160.3,198.63.42.93,198.87.3.75,200.175.44.161,200.203.192.50,200.204.245.212,200.23.149.144] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 25) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404048; rev:2033;)
alert udp $HOME_NET any <> [198.104.53.32,198.252.144.2,198.252.195.2,198.3.160.3,198.63.42.93,198.87.3.75,200.175.44.161,200.203.192.50,200.204.245.212,200.23.149.144] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 25) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404049; rev:2033;)
alert tcp $HOME_NET any <> [200.241.5.131,200.29.0.66,200.35.146.60,200.35.147.227,200.35.150.156,200.37.16.187,200.42.96.36,200.45.0.67,200.59.145.199,200.59.187.18] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 26) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404050; rev:2033;)
alert udp $HOME_NET any <> [200.241.5.131,200.29.0.66,200.35.146.60,200.35.147.227,200.35.150.156,200.37.16.187,200.42.96.36,200.45.0.67,200.59.145.199,200.59.187.18] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 26) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404051; rev:2033;)
alert tcp $HOME_NET any <> [200.60.110.11,200.62.55.202,200.69.47.60,200.83.0.116,200.85.60.190,200.88.128.147,200.88.181.73,200.88.215.162,200.88.222.45,200.93.204.60] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 27) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404052; rev:2033;)
alert udp $HOME_NET any <> [200.60.110.11,200.62.55.202,200.69.47.60,200.83.0.116,200.85.60.190,200.88.128.147,200.88.181.73,200.88.215.162,200.88.222.45,200.93.204.60] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 27) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404053; rev:2033;)
alert tcp $HOME_NET any <> [201.116.64.5,201.122.94.238,201.210.30.132,201.218.128.67,201.30.215.209,202.127.217.178,202.155.238.108,202.158.3.23,202.170.81.163,202.181.97.176] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 28) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404054; rev:2033;)
alert udp $HOME_NET any <> [201.116.64.5,201.122.94.238,201.210.30.132,201.218.128.67,201.30.215.209,202.127.217.178,202.155.238.108,202.158.3.23,202.170.81.163,202.181.97.176] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 28) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404055; rev:2033;)
alert tcp $HOME_NET any <> [202.207.192.110,202.216.136.130,202.222.18.88,202.64.139.214,202.73.11.63,202.91.34.9,202.91.37.40,203.113.137.164,203.116.63.82,203.116.63.89] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 29) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404056; rev:2033;)
alert udp $HOME_NET any <> [202.207.192.110,202.216.136.130,202.222.18.88,202.64.139.214,202.73.11.63,202.91.34.9,202.91.37.40,203.113.137.164,203.116.63.82,203.116.63.89] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 29) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404057; rev:2033;)
alert tcp $HOME_NET any <> [203.136.50.155,203.141.153.236,203.141.249.71,203.150.2.225,203.170.145.6,203.200.166.38,203.209.167.182,203.209.167.221,203.80.238.185,203.94.228.49] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 30) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404058; rev:2033;)
alert udp $HOME_NET any <> [203.136.50.155,203.141.153.236,203.141.249.71,203.150.2.225,203.170.145.6,203.200.166.38,203.209.167.182,203.209.167.221,203.80.238.185,203.94.228.49] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 30) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404059; rev:2033;)
alert tcp $HOME_NET any <> [204.11.33.122,204.124.181.86,204.14.120.74,204.15.224.134,204.152.221.218,204.16.200.180,204.188.214.138,204.188.221.227,204.188.221.228,204.188.223.69] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 31) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404060; rev:2033;)
alert udp $HOME_NET any <> [204.11.33.122,204.124.181.86,204.14.120.74,204.15.224.134,204.152.221.218,204.16.200.180,204.188.214.138,204.188.221.227,204.188.221.228,204.188.223.69] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 31) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404061; rev:2033;)
alert tcp $HOME_NET any <> [204.45.96.226,204.45.97.46,204.45.97.5,204.74.215.250,204.8.34.130,204.93.174.148,205.134.185.250,205.186.156.104,205.234.138.152,205.234.222.37] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 32) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404062; rev:2033;)
alert udp $HOME_NET any <> [204.45.96.226,204.45.97.46,204.45.97.5,204.74.215.250,204.8.34.130,204.93.174.148,205.134.185.250,205.186.156.104,205.234.138.152,205.234.222.37] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 32) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404063; rev:2033;)
alert tcp $HOME_NET any <> [206.12.19.242,206.124.14.169,206.125.175.82,206.126.142.60,206.212.249.20,206.217.203.217,206.251.38.20,206.253.175.240,206.40.205.124,206.41.116.100] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 33) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404064; rev:2033;)
alert udp $HOME_NET any <> [206.12.19.242,206.124.14.169,206.125.175.82,206.126.142.60,206.212.249.20,206.217.203.217,206.251.38.20,206.253.175.240,206.40.205.124,206.41.116.100] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 33) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404065; rev:2033;)
alert tcp $HOME_NET any <> [206.41.117.191,206.41.117.23,206.41.117.24,206.41.117.68,206.41.117.9,206.53.60.129,206.53.60.50,206.53.60.70,207.114.175.51,207.126.115.205] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 34) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404066; rev:2033;)
alert udp $HOME_NET any <> [206.41.117.191,206.41.117.23,206.41.117.24,206.41.117.68,206.41.117.9,206.53.60.129,206.53.60.50,206.53.60.70,207.114.175.51,207.126.115.205] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 34) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404067; rev:2033;)
alert tcp $HOME_NET any <> [207.126.115.219,207.126.167.147,207.145.6.5,207.166.122.72,207.166.122.75,207.182.240.68,207.192.72.43,207.192.72.99,207.192.75.90,207.210.208.16] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 35) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404068; rev:2033;)
alert udp $HOME_NET any <> [207.126.115.219,207.126.167.147,207.145.6.5,207.166.122.72,207.166.122.75,207.182.240.68,207.192.72.43,207.192.72.99,207.192.75.90,207.210.208.16] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 35) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404069; rev:2033;)
alert tcp $HOME_NET any <> [207.44.152.199,207.44.195.61,207.44.212.40,208.100.11.120,208.100.14.116,208.100.20.83,208.100.20.90,208.100.23.100,208.111.158.10,208.111.34.13] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 36) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404070; rev:2033;)
alert udp $HOME_NET any <> [207.44.152.199,207.44.195.61,207.44.212.40,208.100.11.120,208.100.14.116,208.100.20.83,208.100.20.90,208.100.23.100,208.111.158.10,208.111.34.13] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 36) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404071; rev:2033;)
alert tcp $HOME_NET any <> [208.111.35.75,208.111.39.43,208.115.221.42,208.115.233.133,208.115.36.180,208.146.35.105,208.146.35.106,208.167.236.6,208.167.237.120,208.185.80.72] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 37) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404072; rev:2033;)
alert udp $HOME_NET any <> [208.111.35.75,208.111.39.43,208.115.221.42,208.115.233.133,208.115.36.180,208.146.35.105,208.146.35.106,208.167.236.6,208.167.237.120,208.185.80.72] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 37) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404073; rev:2033;)
alert tcp $HOME_NET any <> [208.185.80.73,208.185.80.74,208.185.80.85,208.185.80.87,208.185.81.205,208.185.81.216,208.185.81.223,208.185.81.243,208.185.92.26,208.185.92.31] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 38) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404074; rev:2033;)
alert udp $HOME_NET any <> [208.185.80.73,208.185.80.74,208.185.80.85,208.185.80.87,208.185.81.205,208.185.81.216,208.185.81.223,208.185.81.243,208.185.92.26,208.185.92.31] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 38) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404075; rev:2033;)
alert tcp $HOME_NET any <> [208.27.69.193,208.49.56.226,208.51.40.10,208.51.40.12,208.51.40.13,208.51.40.14,208.51.40.2,208.53.131.12,208.53.152.179,208.53.163.194] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 39) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404076; rev:2033;)
alert udp $HOME_NET any <> [208.27.69.193,208.49.56.226,208.51.40.10,208.51.40.12,208.51.40.13,208.51.40.14,208.51.40.2,208.53.131.12,208.53.152.179,208.53.163.194] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 39) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404077; rev:2033;)
alert tcp $HOME_NET any <> [208.53.181.156,208.53.181.82,208.53.181.86,208.53.183.106,208.64.121.38,208.67.249.244,208.68.18.177,208.68.18.181,208.68.18.198,208.68.94.168] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 40) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404078; rev:2033;)
alert udp $HOME_NET any <> [208.53.181.156,208.53.181.82,208.53.181.86,208.53.183.106,208.64.121.38,208.67.249.244,208.68.18.177,208.68.18.181,208.68.18.198,208.68.94.168] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 40) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404079; rev:2033;)
alert tcp $HOME_NET any <> [208.68.94.62,208.71.174.161,208.75.182.230,208.78.100.117,208.78.170.147,208.82.117.118,208.83.21.12,208.83.221.58,208.83.223.69,208.93.220.195] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 41) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404080; rev:2033;)
alert udp $HOME_NET any <> [208.68.94.62,208.71.174.161,208.75.182.230,208.78.100.117,208.78.170.147,208.82.117.118,208.83.21.12,208.83.221.58,208.83.223.69,208.93.220.195] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 41) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404081; rev:2033;)
alert tcp $HOME_NET any <> [208.98.11.131,208.98.11.132,208.98.11.133,208.98.11.134,208.98.11.135,208.98.11.136,208.98.11.137,208.98.11.138,208.98.11.139,208.98.11.140] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 42) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404082; rev:2033;)
alert udp $HOME_NET any <> [208.98.11.131,208.98.11.132,208.98.11.133,208.98.11.134,208.98.11.135,208.98.11.136,208.98.11.137,208.98.11.138,208.98.11.139,208.98.11.140] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 42) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404083; rev:2033;)
alert tcp $HOME_NET any <> [208.98.11.141,208.98.11.144,208.98.11.146,208.98.11.148,208.98.11.150,208.98.11.152,208.98.11.188,208.98.13.247,208.98.17.200,208.98.17.219] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 43) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404084; rev:2033;)
alert udp $HOME_NET any <> [208.98.11.141,208.98.11.144,208.98.11.146,208.98.11.148,208.98.11.150,208.98.11.152,208.98.11.188,208.98.13.247,208.98.17.200,208.98.17.219] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 43) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404085; rev:2033;)
alert tcp $HOME_NET any <> [208.98.22.99,208.98.26.134,208.98.26.140,208.98.31.223,208.98.34.138,208.98.34.139,208.98.34.153,208.98.36.231,208.98.36.235,208.98.36.237] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 44) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404086; rev:2033;)
alert udp $HOME_NET any <> [208.98.22.99,208.98.26.134,208.98.26.140,208.98.31.223,208.98.34.138,208.98.34.139,208.98.34.153,208.98.36.231,208.98.36.235,208.98.36.237] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 44) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404087; rev:2033;)
alert tcp $HOME_NET any <> [208.98.36.239,208.98.42.106,208.98.42.67,208.98.42.80,208.98.51.10,208.98.51.24,208.98.51.26,208.98.51.27,208.98.61.28,208.98.61.34] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 45) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404088; rev:2033;)
alert udp $HOME_NET any <> [208.98.36.239,208.98.42.106,208.98.42.67,208.98.42.80,208.98.51.10,208.98.51.24,208.98.51.26,208.98.51.27,208.98.61.28,208.98.61.34] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 45) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404089; rev:2033;)
alert tcp $HOME_NET any <> [208.98.61.38,208.98.61.52,208.98.61.60,208.98.62.222,208.98.62.228,208.98.9.100,208.98.9.178,208.99.193.134,208.99.193.38,208.99.198.26] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 46) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404090; rev:2033;)
alert udp $HOME_NET any <> [208.98.61.38,208.98.61.52,208.98.61.60,208.98.62.222,208.98.62.228,208.98.9.100,208.98.9.178,208.99.193.134,208.99.193.38,208.99.198.26] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 46) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404091; rev:2033;)
alert tcp $HOME_NET any <> [208.99.89.207,208.99.89.231,209.11.244.82,209.133.11.157,209.133.11.179,209.133.11.202,209.133.11.209,209.133.11.212,209.133.8.83,209.133.8.84] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 47) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404092; rev:2033;)
alert udp $HOME_NET any <> [208.99.89.207,208.99.89.231,209.11.244.82,209.133.11.157,209.133.11.179,209.133.11.202,209.133.11.209,209.133.11.212,209.133.8.83,209.133.8.84] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 47) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404093; rev:2033;)
alert tcp $HOME_NET any <> [209.133.8.97,209.133.9.43,209.133.9.56,209.133.9.76,209.144.21.66,209.17.191.222,209.20.75.209,209.222.22.22,209.236.112.217,209.249.249.126] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 48) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404094; rev:2033;)
alert udp $HOME_NET any <> [209.133.8.97,209.133.9.43,209.133.9.56,209.133.9.76,209.144.21.66,209.17.191.222,209.20.75.209,209.222.22.22,209.236.112.217,209.249.249.126] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 48) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404095; rev:2033;)
alert tcp $HOME_NET any <> [209.250.240.90,209.251.184.237,209.31.100.15,209.40.201.26,209.40.203.246,209.59.222.88,209.9.228.99,209.92.50.61,210.107.239.150,210.127.253.90] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 49) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404096; rev:2033;)
alert udp $HOME_NET any <> [209.250.240.90,209.251.184.237,209.31.100.15,209.40.201.26,209.40.203.246,209.59.222.88,209.9.228.99,209.92.50.61,210.107.239.150,210.127.253.90] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 49) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404097; rev:2033;)
alert tcp $HOME_NET any <> [210.143.98.203,210.162.89.245,210.166.210.73,210.166.223.51,210.170.62.106,210.51.174.243,211.108.60.156,211.215.19.248,211.90.87.21,212.1.226.74] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 50) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404098; rev:2033;)
alert udp $HOME_NET any <> [210.143.98.203,210.162.89.245,210.166.210.73,210.166.223.51,210.170.62.106,210.51.174.243,211.108.60.156,211.215.19.248,211.90.87.21,212.1.226.74] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 50) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404099; rev:2033;)
alert tcp $HOME_NET any <> [212.101.125.10,212.101.125.11,212.101.125.12,212.101.125.4,212.101.125.5,212.101.125.6,212.101.125.7,212.101.125.8,212.101.125.9,212.110.128.80] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 51) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404100; rev:2033;)
alert udp $HOME_NET any <> [212.101.125.10,212.101.125.11,212.101.125.12,212.101.125.4,212.101.125.5,212.101.125.6,212.101.125.7,212.101.125.8,212.101.125.9,212.110.128.80] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 51) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404101; rev:2033;)
alert tcp $HOME_NET any <> [212.117.179.188,212.117.183.200,212.13.194.77,212.150.184.228,212.174.140.62,212.175.158.108,212.227.105.24,212.227.159.191,212.24.104.227,212.25.51.125] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 52) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404102; rev:2033;)
alert udp $HOME_NET any <> [212.117.179.188,212.117.183.200,212.13.194.77,212.150.184.228,212.174.140.62,212.175.158.108,212.227.105.24,212.227.159.191,212.24.104.227,212.25.51.125] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 52) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404103; rev:2033;)
alert tcp $HOME_NET any <> [212.27.60.46,212.40.37.118,212.40.5.191,212.48.121.72,212.59.199.130,212.59.199.131,212.62.248.142,212.71.19.100,212.71.19.106,212.73.124.12] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 53) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404104; rev:2033;)
alert udp $HOME_NET any <> [212.27.60.46,212.40.37.118,212.40.5.191,212.48.121.72,212.59.199.130,212.59.199.131,212.62.248.142,212.71.19.100,212.71.19.106,212.73.124.12] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 53) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404105; rev:2033;)
alert tcp $HOME_NET any <> [212.73.209.227,212.79.239.14,212.79.239.60,212.83.85.118,212.89.6.7,212.91.161.18,212.95.45.107,212.95.46.147,212.95.57.97,212.98.164.46] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 54) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404106; rev:2033;)
alert udp $HOME_NET any <> [212.73.209.227,212.79.239.14,212.79.239.60,212.83.85.118,212.89.6.7,212.91.161.18,212.95.45.107,212.95.46.147,212.95.57.97,212.98.164.46] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 54) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404107; rev:2033;)
alert tcp $HOME_NET any <> [213.108.48.3,213.11.137.67,213.131.156.50,213.131.156.51,213.144.174.126,213.145.209.132,213.149.231.9,213.155.23.104,213.155.31.24,213.159.233.34] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 55) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404108; rev:2033;)
alert udp $HOME_NET any <> [213.108.48.3,213.11.137.67,213.131.156.50,213.131.156.51,213.144.174.126,213.145.209.132,213.149.231.9,213.155.23.104,213.155.31.24,213.159.233.34] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 55) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404109; rev:2033;)
alert tcp $HOME_NET any <> [213.17.153.11,213.171.57.168,213.179.58.83,213.202.224.142,213.202.245.12,213.215.31.19,213.228.128.112,213.239.131.28,213.248.60.142,213.248.61.183] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 56) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404110; rev:2033;)
alert udp $HOME_NET any <> [213.17.153.11,213.171.57.168,213.179.58.83,213.202.224.142,213.202.245.12,213.215.31.19,213.228.128.112,213.239.131.28,213.248.60.142,213.248.61.183] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 56) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404111; rev:2033;)
alert tcp $HOME_NET any <> [213.249.68.98,213.251.176.140,213.53.107.38,213.73.255.147,216.139.241.100,216.152.78.163,216.152.78.164,216.152.78.165,216.152.78.166,216.152.78.167] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 57) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404112; rev:2033;)
alert udp $HOME_NET any <> [213.249.68.98,213.251.176.140,213.53.107.38,213.73.255.147,216.139.241.100,216.152.78.163,216.152.78.164,216.152.78.165,216.152.78.166,216.152.78.167] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 57) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404113; rev:2033;)
alert tcp $HOME_NET any <> [216.16.120.99,216.167.221.54,216.18.189.186,216.18.189.206,216.18.227.250,216.18.228.38,216.193.223.223,216.218.132.58,216.218.163.69,216.218.228.70] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 58) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404114; rev:2033;)
alert udp $HOME_NET any <> [216.16.120.99,216.167.221.54,216.18.189.186,216.18.189.206,216.18.227.250,216.18.228.38,216.193.223.223,216.218.132.58,216.218.163.69,216.218.228.70] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 58) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404115; rev:2033;)
alert tcp $HOME_NET any <> [216.240.158.98,216.244.157.116,216.245.214.147,216.245.215.106,216.25.44.10,216.25.44.118,216.25.44.119,216.25.44.121,216.25.44.122,216.25.44.16] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 59) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404116; rev:2033;)
alert udp $HOME_NET any <> [216.240.158.98,216.244.157.116,216.245.214.147,216.245.215.106,216.25.44.10,216.25.44.118,216.25.44.119,216.25.44.121,216.25.44.122,216.25.44.16] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 59) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404117; rev:2033;)
alert tcp $HOME_NET any <> [216.25.44.2,216.25.44.5,216.78.204.24,216.8.177.23,216.8.177.28,216.81.111.229,216.86.158.102,216.86.158.122,216.86.158.123,216.87.78.181] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 60) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404118; rev:2033;)
alert udp $HOME_NET any <> [216.25.44.2,216.25.44.5,216.78.204.24,216.8.177.23,216.8.177.28,216.81.111.229,216.86.158.102,216.86.158.122,216.86.158.123,216.87.78.181] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 60) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404119; rev:2033;)
alert tcp $HOME_NET any <> [217.11.227.38,217.11.52.135,217.115.200.20,217.117.187.98,217.12.63.26,217.146.74.25,217.146.84.157,217.146.88.155,217.147.93.66,217.17.33.10] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 61) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404120; rev:2033;)
alert udp $HOME_NET any <> [217.11.227.38,217.11.52.135,217.115.200.20,217.117.187.98,217.12.63.26,217.146.74.25,217.146.84.157,217.146.88.155,217.147.93.66,217.17.33.10] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 61) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404121; rev:2033;)
alert tcp $HOME_NET any <> [217.172.170.241,217.172.33.53,217.174.199.222,217.18.70.70,217.195.122.2,217.20.112.128,217.208.43.245,217.219.137.162,217.23.13.116,217.23.13.193] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 62) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404122; rev:2033;)
alert udp $HOME_NET any <> [217.172.170.241,217.172.33.53,217.174.199.222,217.18.70.70,217.195.122.2,217.20.112.128,217.208.43.245,217.219.137.162,217.23.13.116,217.23.13.193] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 62) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404123; rev:2033;)
alert tcp $HOME_NET any <> [217.23.13.194,217.23.13.244,217.23.13.245,217.29.87.254,217.69.165.160,217.69.168.68,217.70.33.28,217.75.128.2,218.106.165.193,218.201.143.249] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 63) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404124; rev:2033;)
alert udp $HOME_NET any <> [217.23.13.194,217.23.13.244,217.23.13.245,217.29.87.254,217.69.165.160,217.69.168.68,217.70.33.28,217.75.128.2,218.106.165.193,218.201.143.249] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 63) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404125; rev:2033;)
alert tcp $HOME_NET any <> [218.247.178.6,218.249.109.217,218.44.249.117,218.94.142.102,219.143.59.66,219.90.118.136,219.90.201.229,220.229.232.69,221.135.115.186,221.135.126.238] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 64) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404126; rev:2033;)
alert udp $HOME_NET any <> [218.247.178.6,218.249.109.217,218.44.249.117,218.94.142.102,219.143.59.66,219.90.118.136,219.90.201.229,220.229.232.69,221.135.115.186,221.135.126.238] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 64) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404127; rev:2033;)
alert tcp $HOME_NET any <> [221.186.119.130,24.108.94.92,24.118.230.188,24.118.241.201,24.161.60.193,24.166.48.221,24.240.168.165,38.108.111.211,4.53.50.37,58.239.134.43] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 65) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404128; rev:2033;)
alert udp $HOME_NET any <> [221.186.119.130,24.108.94.92,24.118.230.188,24.118.241.201,24.161.60.193,24.166.48.221,24.240.168.165,38.108.111.211,4.53.50.37,58.239.134.43] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 65) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404129; rev:2033;)
alert tcp $HOME_NET any <> [59.160.236.147,60.190.222.139,60.190.54.105,60.198.191.238,60.199.200.163,61.121.247.163,61.158.205.224,61.195.154.6,61.64.11.29,61.7.161.227] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 66) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404130; rev:2033;)
alert udp $HOME_NET any <> [59.160.236.147,60.190.222.139,60.190.54.105,60.198.191.238,60.199.200.163,61.121.247.163,61.158.205.224,61.195.154.6,61.64.11.29,61.7.161.227] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 66) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404131; rev:2033;)
alert tcp $HOME_NET any <> [62.109.15.169,62.133.211.174,62.140.227.246,62.141.43.18,62.141.48.112,62.141.49.112,62.141.91.77,62.181.89.111,62.181.89.18,62.193.249.122] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 67) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404132; rev:2033;)
alert udp $HOME_NET any <> [62.109.15.169,62.133.211.174,62.140.227.246,62.141.43.18,62.141.48.112,62.141.49.112,62.141.91.77,62.181.89.111,62.181.89.18,62.193.249.122] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 67) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404133; rev:2033;)
alert tcp $HOME_NET any <> [62.211.73.232,62.212.67.68,62.216.3.195,62.218.28.34,62.244.55.234,62.3.99.91,62.75.143.63,62.75.146.184,62.75.202.25,62.75.243.185] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 68) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404134; rev:2033;)
alert udp $HOME_NET any <> [62.211.73.232,62.212.67.68,62.216.3.195,62.218.28.34,62.244.55.234,62.3.99.91,62.75.143.63,62.75.146.184,62.75.202.25,62.75.243.185] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 68) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404135; rev:2033;)
alert tcp $HOME_NET any <> [62.75.249.240,62.90.168.100,62.90.168.16,63.245.208.159,63.245.216.214,64.113.1.99,64.12.165.56,64.120.141.10,64.120.21.21,64.120.21.24] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 69) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404136; rev:2033;)
alert udp $HOME_NET any <> [62.75.249.240,62.90.168.100,62.90.168.16,63.245.208.159,63.245.216.214,64.113.1.99,64.12.165.56,64.120.141.10,64.120.21.21,64.120.21.24] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 69) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404137; rev:2033;)
alert tcp $HOME_NET any <> [64.120.21.25,64.120.47.66,64.122.31.116,64.125.185.222,64.127.102.249,64.15.77.71,64.150.180.13,64.16.210.102,64.16.210.42,64.18.132.176] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 70) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404138; rev:2033;)
alert udp $HOME_NET any <> [64.120.21.25,64.120.47.66,64.122.31.116,64.125.185.222,64.127.102.249,64.15.77.71,64.150.180.13,64.16.210.102,64.16.210.42,64.18.132.176] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 70) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404139; rev:2033;)
alert tcp $HOME_NET any <> [64.18.132.182,64.18.134.201,64.18.139.82,64.186.131.59,64.201.189.131,64.202.102.11,64.235.252.145,64.244.154.174,64.246.20.126,64.247.19.79] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 71) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404140; rev:2033;)
alert udp $HOME_NET any <> [64.18.132.182,64.18.134.201,64.18.139.82,64.186.131.59,64.201.189.131,64.202.102.11,64.235.252.145,64.244.154.174,64.246.20.126,64.247.19.79] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 71) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404141; rev:2033;)
alert tcp $HOME_NET any <> [64.251.28.85,64.32.1.124,64.32.1.16,64.32.1.33,64.32.12.118,64.32.12.197,64.32.14.176,64.32.14.20,64.32.19.10,64.32.19.27] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 72) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404142; rev:2033;)
alert udp $HOME_NET any <> [64.251.28.85,64.32.1.124,64.32.1.16,64.32.1.33,64.32.12.118,64.32.12.197,64.32.14.176,64.32.14.20,64.32.19.10,64.32.19.27] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 72) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404143; rev:2033;)
alert tcp $HOME_NET any <> [64.32.19.46,64.32.19.58,64.32.20.108,64.32.20.127,64.32.20.166,64.32.24.217,64.32.27.135,64.34.164.81,64.62.190.245,64.62.190.36] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 73) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404144; rev:2033;)
alert udp $HOME_NET any <> [64.32.19.46,64.32.19.58,64.32.20.108,64.32.20.127,64.32.20.166,64.32.24.217,64.32.27.135,64.34.164.81,64.62.190.245,64.62.190.36] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 73) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404145; rev:2033;)
alert tcp $HOME_NET any <> [64.62.190.73,64.62.231.212,64.85.160.108,64.85.160.30,64.85.162.200,64.85.162.202,64.85.162.206,64.85.163.113,64.85.163.127,64.85.163.52] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 74) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404146; rev:2033;)
alert udp $HOME_NET any <> [64.62.190.73,64.62.231.212,64.85.160.108,64.85.160.30,64.85.162.200,64.85.162.202,64.85.162.206,64.85.163.113,64.85.163.127,64.85.163.52] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 74) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404147; rev:2033;)
alert tcp $HOME_NET any <> [64.85.164.73,65.110.41.130,65.110.58.110,65.110.62.181,65.110.62.200,65.110.62.93,65.111.177.51,65.19.178.15,65.209.20.22,65.23.129.114] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 75) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404148; rev:2033;)
alert udp $HOME_NET any <> [64.85.164.73,65.110.41.130,65.110.58.110,65.110.62.181,65.110.62.200,65.110.62.93,65.111.177.51,65.19.178.15,65.209.20.22,65.23.129.114] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 75) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404149; rev:2033;)
alert tcp $HOME_NET any <> [65.23.153.98,65.23.156.37,65.23.157.127,65.23.158.132,65.96.38.92,65.98.11.2,66.101.48.254,66.11.238.19,66.111.35.104,66.111.36.61] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 76) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404150; rev:2033;)
alert udp $HOME_NET any <> [65.23.153.98,65.23.156.37,65.23.157.127,65.23.158.132,65.96.38.92,65.98.11.2,66.101.48.254,66.11.238.19,66.111.35.104,66.111.36.61] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 76) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404151; rev:2033;)
alert tcp $HOME_NET any <> [66.154.121.11,66.154.121.200,66.154.121.202,66.154.121.203,66.154.99.150,66.165.177.88,66.197.186.85,66.197.194.185,66.197.220.230,66.198.80.67] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 77) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404152; rev:2033;)
alert udp $HOME_NET any <> [66.154.121.11,66.154.121.200,66.154.121.202,66.154.121.203,66.154.99.150,66.165.177.88,66.197.186.85,66.197.194.185,66.197.220.230,66.198.80.67] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 77) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404153; rev:2033;)
alert tcp $HOME_NET any <> [66.205.65.100,66.207.164.29,66.207.212.113,66.212.21.20,66.220.1.185,66.220.1.44,66.220.1.59,66.220.13.242,66.225.200.20,66.225.200.30] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 78) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404154; rev:2033;)
alert udp $HOME_NET any <> [66.205.65.100,66.207.164.29,66.207.212.113,66.212.21.20,66.220.1.185,66.220.1.44,66.220.1.59,66.220.13.242,66.225.200.20,66.225.200.30] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 78) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404155; rev:2033;)
alert tcp $HOME_NET any <> [66.225.200.46,66.225.200.52,66.225.200.62,66.225.200.66,66.225.200.69,66.225.223.109,66.225.223.112,66.225.223.115,66.225.223.13,66.225.223.52] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 79) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404156; rev:2033;)
alert udp $HOME_NET any <> [66.225.200.46,66.225.200.52,66.225.200.62,66.225.200.66,66.225.200.69,66.225.223.109,66.225.223.112,66.225.223.115,66.225.223.13,66.225.223.52] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 79) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404157; rev:2033;)
alert tcp $HOME_NET any <> [66.225.223.61,66.225.223.70,66.225.223.75,66.225.223.89,66.225.223.91,66.225.225.225,66.225.225.66,66.230.192.37,66.231.234.174,66.235.184.37] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 80) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404158; rev:2033;)
alert udp $HOME_NET any <> [66.225.223.61,66.225.223.70,66.225.223.75,66.225.223.89,66.225.223.91,66.225.225.225,66.225.225.66,66.230.192.37,66.231.234.174,66.235.184.37] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 80) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404159; rev:2033;)
alert tcp $HOME_NET any <> [66.246.149.4,66.246.76.24,66.249.128.230,66.45.226.37,66.45.234.200,66.55.71.243,66.76.162.104,66.90.118.14,66.90.65.10,66.90.66.243] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 81) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404160; rev:2033;)
alert udp $HOME_NET any <> [66.246.149.4,66.246.76.24,66.249.128.230,66.45.226.37,66.45.234.200,66.55.71.243,66.76.162.104,66.90.118.14,66.90.65.10,66.90.66.243] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 81) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404161; rev:2033;)
alert tcp $HOME_NET any <> [66.90.82.8,66.90.90.196,66.98.224.132,67.159.2.109,67.159.2.110,67.159.2.111,67.159.2.112,67.159.2.113,67.159.2.114,67.159.2.115] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 82) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404162; rev:2033;)
alert udp $HOME_NET any <> [66.90.82.8,66.90.90.196,66.98.224.132,67.159.2.109,67.159.2.110,67.159.2.111,67.159.2.112,67.159.2.113,67.159.2.114,67.159.2.115] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 82) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404163; rev:2033;)
alert tcp $HOME_NET any <> [67.159.2.117,67.159.56.58,67.18.176.176,67.18.176.230,67.18.187.34,67.18.208.96,67.202.107.13,67.202.109.119,67.202.109.205,67.202.114.38] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 83) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404164; rev:2033;)
alert udp $HOME_NET any <> [67.159.2.117,67.159.56.58,67.18.176.176,67.18.176.230,67.18.187.34,67.18.208.96,67.202.107.13,67.202.109.119,67.202.109.205,67.202.114.38] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 83) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404165; rev:2033;)
alert tcp $HOME_NET any <> [67.205.85.231,67.207.138.239,67.21.65.15,67.21.65.62,67.21.72.43,67.21.72.50,67.21.79.130,67.210.234.18,67.213.221.178,67.220.66.166] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 84) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404166; rev:2033;)
alert udp $HOME_NET any <> [67.205.85.231,67.207.138.239,67.21.65.15,67.21.65.62,67.21.72.43,67.21.72.50,67.21.79.130,67.210.234.18,67.213.221.178,67.220.66.166] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 84) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404167; rev:2033;)
alert tcp $HOME_NET any <> [67.220.66.167,67.220.66.168,67.220.66.170,67.220.66.171,67.220.66.172,67.220.66.52,67.220.66.72,67.220.71.84,67.220.73.102,67.220.73.105] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 85) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404168; rev:2033;)
alert udp $HOME_NET any <> [67.220.66.167,67.220.66.168,67.220.66.170,67.220.66.171,67.220.66.172,67.220.66.52,67.220.66.72,67.220.71.84,67.220.73.102,67.220.73.105] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 85) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404169; rev:2033;)
alert tcp $HOME_NET any <> [67.220.73.107,67.220.75.164,67.220.78.43,67.220.85.1,67.220.85.7,67.220.85.8,67.220.85.9,67.222.13.112,67.223.237.99,67.223.254.182] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 86) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404170; rev:2033;)
alert udp $HOME_NET any <> [67.220.73.107,67.220.75.164,67.220.78.43,67.220.85.1,67.220.85.7,67.220.85.8,67.220.85.9,67.222.13.112,67.223.237.99,67.223.254.182] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 86) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404171; rev:2033;)
alert tcp $HOME_NET any <> [67.223.97.74,67.23.178.252,67.23.234.155,67.23.6.180,67.23.7.58,67.43.226.210,67.43.226.211,67.43.226.212,67.43.226.213,67.43.226.214] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 87) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404172; rev:2033;)
alert udp $HOME_NET any <> [67.223.97.74,67.23.178.252,67.23.234.155,67.23.6.180,67.23.7.58,67.43.226.210,67.43.226.211,67.43.226.212,67.43.226.213,67.43.226.214] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 87) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404173; rev:2033;)
alert tcp $HOME_NET any <> [67.43.226.6,67.43.226.7,67.43.228.194,67.43.228.223,67.43.228.226,67.43.230.226,67.43.230.227,67.43.230.228,67.43.230.229,67.43.230.230] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 88) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404174; rev:2033;)
alert udp $HOME_NET any <> [67.43.226.6,67.43.226.7,67.43.228.194,67.43.228.223,67.43.228.226,67.43.230.226,67.43.230.227,67.43.230.228,67.43.230.229,67.43.230.230] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 88) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404175; rev:2033;)
alert tcp $HOME_NET any <> [67.43.230.231,67.43.230.233,67.43.230.234,67.43.230.235,67.43.230.236,67.43.230.237,67.43.230.238,67.43.230.239,67.43.230.240,67.43.230.241] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 89) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404176; rev:2033;)
alert udp $HOME_NET any <> [67.43.230.231,67.43.230.233,67.43.230.234,67.43.230.235,67.43.230.236,67.43.230.237,67.43.230.238,67.43.230.239,67.43.230.240,67.43.230.241] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 89) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404177; rev:2033;)
alert tcp $HOME_NET any <> [67.43.230.242,67.43.230.243,67.43.230.244,67.43.230.247,67.43.230.249,67.43.230.250,67.43.230.73,67.43.230.74,67.43.230.76,67.43.232.178] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 90) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404178; rev:2033;)
alert udp $HOME_NET any <> [67.43.230.242,67.43.230.243,67.43.230.244,67.43.230.247,67.43.230.249,67.43.230.250,67.43.230.73,67.43.230.74,67.43.230.76,67.43.232.178] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 90) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404179; rev:2033;)
alert tcp $HOME_NET any <> [67.43.238.213,68.168.212.6,68.232.162.247,68.232.170.240,68.75.207.189,68.99.69.10,69.12.8.25,69.147.228.45,69.162.101.52,69.162.117.218] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 91) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404180; rev:2033;)
alert udp $HOME_NET any <> [67.43.238.213,68.168.212.6,68.232.162.247,68.232.170.240,68.75.207.189,68.99.69.10,69.12.8.25,69.147.228.45,69.162.101.52,69.162.117.218] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 91) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404181; rev:2033;)
alert tcp $HOME_NET any <> [69.162.80.43,69.164.197.103,69.164.201.185,69.164.216.206,69.17.17.5,69.197.24.1,69.197.59.250,69.197.60.55,69.197.60.60,69.197.63.190] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 92) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404182; rev:2033;)
alert udp $HOME_NET any <> [69.162.80.43,69.164.197.103,69.164.201.185,69.164.216.206,69.17.17.5,69.197.24.1,69.197.59.250,69.197.60.55,69.197.60.60,69.197.63.190] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 92) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404183; rev:2033;)
alert tcp $HOME_NET any <> [69.199.121.114,69.20.231.81,69.20.234.2,69.217.36.153,69.28.129.165,69.28.220.143,69.31.228.75,69.36.111.69,69.39.224.53,69.41.178.98] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 93) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404184; rev:2033;)
alert udp $HOME_NET any <> [69.199.121.114,69.20.231.81,69.20.234.2,69.217.36.153,69.28.129.165,69.28.220.143,69.31.228.75,69.36.111.69,69.39.224.53,69.41.178.98] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 93) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404185; rev:2033;)
alert tcp $HOME_NET any <> [69.42.210.56,69.42.212.2,69.42.214.132,69.42.214.133,69.42.214.152,69.42.214.241,69.42.215.10,69.42.215.12,69.42.215.14,69.42.215.16] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 94) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404186; rev:2033;)
alert udp $HOME_NET any <> [69.42.210.56,69.42.212.2,69.42.214.132,69.42.214.133,69.42.214.152,69.42.214.241,69.42.215.10,69.42.215.12,69.42.215.14,69.42.215.16] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 94) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404187; rev:2033;)
alert tcp $HOME_NET any <> [69.42.215.20,69.42.215.22,69.42.215.24,69.42.215.4,69.42.215.6,69.42.215.8,69.42.217.82,69.42.218.168,69.42.218.218,69.42.218.243] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 95) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404188; rev:2033;)
alert udp $HOME_NET any <> [69.42.215.20,69.42.215.22,69.42.215.24,69.42.215.4,69.42.215.6,69.42.215.8,69.42.217.82,69.42.218.168,69.42.218.218,69.42.218.243] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 95) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404189; rev:2033;)
alert tcp $HOME_NET any <> [69.42.218.70,69.42.218.72,69.42.218.75,69.42.219.194,69.42.220.168,69.42.221.252,69.42.221.7,69.42.222.24,69.42.222.25,69.42.223.201] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 96) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404190; rev:2033;)
alert udp $HOME_NET any <> [69.42.218.70,69.42.218.72,69.42.218.75,69.42.219.194,69.42.220.168,69.42.221.252,69.42.221.7,69.42.222.24,69.42.222.25,69.42.223.201] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 96) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404191; rev:2033;)
alert tcp $HOME_NET any <> [69.42.223.202,69.42.223.204,69.56.173.120,69.64.36.197,69.64.38.216,69.64.39.194,69.64.39.201,69.64.39.202,69.64.43.197,69.64.58.106] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 97) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404192; rev:2033;)
alert udp $HOME_NET any <> [69.42.223.202,69.42.223.204,69.56.173.120,69.64.36.197,69.64.38.216,69.64.39.194,69.64.39.201,69.64.39.202,69.64.43.197,69.64.58.106] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 97) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404193; rev:2033;)
alert tcp $HOME_NET any <> [69.64.61.249,69.65.42.31,69.89.182.202,69.90.157.210,69.90.157.219,69.93.229.206,69.93.9.12,70.39.111.203,70.39.82.138,70.39.91.78] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 98) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404194; rev:2033;)
alert udp $HOME_NET any <> [69.64.61.249,69.65.42.31,69.89.182.202,69.90.157.210,69.90.157.219,69.93.229.206,69.93.9.12,70.39.111.203,70.39.82.138,70.39.91.78] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 98) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404195; rev:2033;)
alert tcp $HOME_NET any <> [70.39.93.10,70.61.101.163,70.84.15.212,70.84.53.182,70.85.129.195,70.85.237.252,70.91.45.236,70.95.108.219,71.6.218.42,72.10.160.212] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 99) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404196; rev:2033;)
alert udp $HOME_NET any <> [70.39.93.10,70.61.101.163,70.84.15.212,70.84.53.182,70.85.129.195,70.85.237.252,70.91.45.236,70.95.108.219,71.6.218.42,72.10.160.212] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 99) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404197; rev:2033;)
alert tcp $HOME_NET any <> [72.11.142.40,72.14.176.171,72.14.179.148,72.14.185.157,72.20.1.130,72.20.14.10,72.20.14.103,72.20.14.11,72.20.14.204,72.20.14.205] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 100) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404198; rev:2033;)
alert udp $HOME_NET any <> [72.11.142.40,72.14.176.171,72.14.179.148,72.14.185.157,72.20.1.130,72.20.14.10,72.20.14.103,72.20.14.11,72.20.14.204,72.20.14.205] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 100) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404199; rev:2033;)
alert tcp $HOME_NET any <> [72.20.14.212,72.20.14.216,72.20.14.218,72.20.14.220,72.20.14.230,72.20.14.234,72.20.14.236,72.20.14.249,72.20.14.25,72.20.14.27] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 101) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404200; rev:2033;)
alert udp $HOME_NET any <> [72.20.14.212,72.20.14.216,72.20.14.218,72.20.14.220,72.20.14.230,72.20.14.234,72.20.14.236,72.20.14.249,72.20.14.25,72.20.14.27] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 101) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404201; rev:2033;)
alert tcp $HOME_NET any <> [72.20.14.42,72.20.14.5,72.20.15.210,72.20.15.215,72.20.15.234,72.20.15.236,72.20.15.243,72.20.15.246,72.20.15.247,72.20.15.250] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 102) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404202; rev:2033;)
alert udp $HOME_NET any <> [72.20.14.42,72.20.14.5,72.20.15.210,72.20.15.215,72.20.15.234,72.20.15.236,72.20.15.243,72.20.15.246,72.20.15.247,72.20.15.250] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 102) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404203; rev:2033;)
alert tcp $HOME_NET any <> [72.20.15.35,72.20.17.139,72.20.17.149,72.20.17.167,72.20.17.168,72.20.17.178,72.20.21.115,72.20.21.123,72.20.21.124,72.20.21.126] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 103) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404204; rev:2033;)
alert udp $HOME_NET any <> [72.20.15.35,72.20.17.139,72.20.17.149,72.20.17.167,72.20.17.168,72.20.17.178,72.20.21.115,72.20.21.123,72.20.21.124,72.20.21.126] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 103) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404205; rev:2033;)
alert tcp $HOME_NET any <> [72.20.21.13,72.20.21.36,72.20.21.37,72.20.21.43,72.20.21.45,72.20.23.102,72.20.23.107,72.20.23.108,72.20.23.74,72.20.23.77] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 104) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404206; rev:2033;)
alert udp $HOME_NET any <> [72.20.21.13,72.20.21.36,72.20.21.37,72.20.21.43,72.20.21.45,72.20.23.102,72.20.23.107,72.20.23.108,72.20.23.74,72.20.23.77] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 104) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404207; rev:2033;)
alert tcp $HOME_NET any <> [72.20.23.90,72.20.23.96,72.20.24.158,72.20.24.161,72.20.24.162,72.20.24.163,72.20.24.164,72.20.25.153,72.20.25.181,72.20.26.148] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 105) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404208; rev:2033;)
alert udp $HOME_NET any <> [72.20.23.90,72.20.23.96,72.20.24.158,72.20.24.161,72.20.24.162,72.20.24.163,72.20.24.164,72.20.25.153,72.20.25.181,72.20.26.148] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 105) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404209; rev:2033;)
alert tcp $HOME_NET any <> [72.20.27.113,72.20.27.120,72.20.28.193,72.20.28.194,72.20.28.195,72.20.28.196,72.20.28.197,72.20.28.199,72.20.28.200,72.20.28.204] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 106) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404210; rev:2033;)
alert udp $HOME_NET any <> [72.20.27.113,72.20.27.120,72.20.28.193,72.20.28.194,72.20.28.195,72.20.28.196,72.20.28.197,72.20.28.199,72.20.28.200,72.20.28.204] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 106) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404211; rev:2033;)
alert tcp $HOME_NET any <> [72.20.28.206,72.20.28.210,72.20.28.211,72.20.28.218,72.20.28.220,72.20.28.234,72.20.28.237,72.20.28.245,72.20.28.247,72.20.28.249] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 107) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404212; rev:2033;)
alert udp $HOME_NET any <> [72.20.28.206,72.20.28.210,72.20.28.211,72.20.28.218,72.20.28.220,72.20.28.234,72.20.28.237,72.20.28.245,72.20.28.247,72.20.28.249] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 107) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404213; rev:2033;)
alert tcp $HOME_NET any <> [72.20.28.252,72.20.28.254,72.20.33.109,72.20.33.201,72.20.33.202,72.20.33.77,72.20.35.120,72.20.35.135,72.20.35.183,72.20.35.20] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 108) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404214; rev:2033;)
alert udp $HOME_NET any <> [72.20.28.252,72.20.28.254,72.20.33.109,72.20.33.201,72.20.33.202,72.20.33.77,72.20.35.120,72.20.35.135,72.20.35.183,72.20.35.20] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 108) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404215; rev:2033;)
alert tcp $HOME_NET any <> [72.20.35.21,72.20.35.23,72.20.35.24,72.20.35.25,72.20.35.31,72.20.35.38,72.20.35.54,72.20.35.55,72.20.35.70,72.20.36.2] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 109) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404216; rev:2033;)
alert udp $HOME_NET any <> [72.20.35.21,72.20.35.23,72.20.35.24,72.20.35.25,72.20.35.31,72.20.35.38,72.20.35.54,72.20.35.55,72.20.35.70,72.20.36.2] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 109) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404217; rev:2033;)
alert tcp $HOME_NET any <> [72.20.36.24,72.20.36.25,72.20.36.3,72.20.36.33,72.20.36.4,72.20.36.40,72.20.36.43,72.20.36.49,72.20.36.5,72.20.36.50] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 110) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404218; rev:2033;)
alert udp $HOME_NET any <> [72.20.36.24,72.20.36.25,72.20.36.3,72.20.36.33,72.20.36.4,72.20.36.40,72.20.36.43,72.20.36.49,72.20.36.5,72.20.36.50] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 110) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404219; rev:2033;)
alert tcp $HOME_NET any <> [72.20.36.52,72.20.36.53,72.20.36.54,72.20.36.55,72.20.36.57,72.20.36.58,72.20.36.6,72.20.36.60,72.20.36.62,72.20.36.9] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 111) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404220; rev:2033;)
alert udp $HOME_NET any <> [72.20.36.52,72.20.36.53,72.20.36.54,72.20.36.55,72.20.36.57,72.20.36.58,72.20.36.6,72.20.36.60,72.20.36.62,72.20.36.9] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 111) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404221; rev:2033;)
alert tcp $HOME_NET any <> [72.20.37.113,72.20.37.114,72.20.37.115,72.20.37.116,72.20.37.117,72.20.37.118,72.20.37.151,72.20.37.154,72.20.37.156,72.20.37.157] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 112) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404222; rev:2033;)
alert udp $HOME_NET any <> [72.20.37.113,72.20.37.114,72.20.37.115,72.20.37.116,72.20.37.117,72.20.37.118,72.20.37.151,72.20.37.154,72.20.37.156,72.20.37.157] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 112) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404223; rev:2033;)
alert tcp $HOME_NET any <> [72.20.37.158,72.20.37.159,72.20.37.161,72.20.37.169,72.20.37.171,72.20.37.173,72.20.37.189,72.20.37.33,72.20.37.39,72.20.37.47] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 113) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404224; rev:2033;)
alert udp $HOME_NET any <> [72.20.37.158,72.20.37.159,72.20.37.161,72.20.37.169,72.20.37.171,72.20.37.173,72.20.37.189,72.20.37.33,72.20.37.39,72.20.37.47] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 113) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404225; rev:2033;)
alert tcp $HOME_NET any <> [72.20.38.118,72.20.38.17,72.20.38.18,72.20.38.19,72.20.38.20,72.20.38.200,72.20.38.21,72.20.38.22,72.20.38.76,72.20.40.249] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 114) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404226; rev:2033;)
alert udp $HOME_NET any <> [72.20.38.118,72.20.38.17,72.20.38.18,72.20.38.19,72.20.38.20,72.20.38.200,72.20.38.21,72.20.38.22,72.20.38.76,72.20.40.249] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 114) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404227; rev:2033;)
alert tcp $HOME_NET any <> [72.20.40.35,72.20.40.52,72.20.42.98,72.20.45.81,72.20.45.82,72.20.45.83,72.20.45.84,72.20.45.85,72.20.45.86,72.20.46.9] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 115) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404228; rev:2033;)
alert udp $HOME_NET any <> [72.20.40.35,72.20.40.52,72.20.42.98,72.20.45.81,72.20.45.82,72.20.45.83,72.20.45.84,72.20.45.85,72.20.45.86,72.20.46.9] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 115) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404229; rev:2033;)
alert tcp $HOME_NET any <> [72.20.48.100,72.20.48.111,72.20.48.40,72.20.48.50,72.20.48.60,72.20.48.95,72.20.50.250,72.20.50.65,72.20.50.70,72.20.51.115] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 116) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404230; rev:2033;)
alert udp $HOME_NET any <> [72.20.48.100,72.20.48.111,72.20.48.40,72.20.48.50,72.20.48.60,72.20.48.95,72.20.50.250,72.20.50.65,72.20.50.70,72.20.51.115] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 116) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404231; rev:2033;)
alert tcp $HOME_NET any <> [72.20.51.178,72.20.51.91,72.20.51.99,72.20.52.189,72.20.52.190,72.20.52.79,72.20.53.139,72.20.54.120,72.20.54.121,72.20.54.123] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 117) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404232; rev:2033;)
alert udp $HOME_NET any <> [72.20.51.178,72.20.51.91,72.20.51.99,72.20.52.189,72.20.52.190,72.20.52.79,72.20.53.139,72.20.54.120,72.20.54.121,72.20.54.123] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 117) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404233; rev:2033;)
alert tcp $HOME_NET any <> [72.20.54.124,72.20.54.67,72.20.54.69,72.20.54.90,72.20.56.24,72.20.56.48,72.20.56.59,72.20.57.109,72.20.57.120,72.20.58.136] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 118) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404234; rev:2033;)
alert udp $HOME_NET any <> [72.20.54.124,72.20.54.67,72.20.54.69,72.20.54.90,72.20.56.24,72.20.56.48,72.20.56.59,72.20.57.109,72.20.57.120,72.20.58.136] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 118) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404235; rev:2033;)
alert tcp $HOME_NET any <> [72.20.58.143,72.20.58.175,72.20.58.177,72.20.6.170,72.22.83.165,72.233.7.230,72.250.175.12,72.32.146.136,72.47.213.143,72.47.218.197] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 119) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404236; rev:2033;)
alert udp $HOME_NET any <> [72.20.58.143,72.20.58.175,72.20.58.177,72.20.6.170,72.22.83.165,72.233.7.230,72.250.175.12,72.32.146.136,72.47.213.143,72.47.218.197] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 119) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404237; rev:2033;)
alert tcp $HOME_NET any <> [72.47.218.27,72.52.102.218,72.73.235.83,72.77.145.27,72.8.130.103,72.8.130.60,72.8.131.37,72.8.134.218,72.8.140.109,72.8.140.114] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 120) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404238; rev:2033;)
alert udp $HOME_NET any <> [72.47.218.27,72.52.102.218,72.73.235.83,72.77.145.27,72.8.130.103,72.8.130.60,72.8.131.37,72.8.134.218,72.8.140.109,72.8.140.114] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 120) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404239; rev:2033;)
alert tcp $HOME_NET any <> [72.8.140.126,74.117.115.102,74.117.173.200,74.117.174.101,74.117.174.110,74.117.174.119,74.117.174.3,74.117.174.4,74.117.174.5,74.117.174.60] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 121) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404240; rev:2033;)
alert udp $HOME_NET any <> [72.8.140.126,74.117.115.102,74.117.173.200,74.117.174.101,74.117.174.110,74.117.174.119,74.117.174.3,74.117.174.4,74.117.174.5,74.117.174.60] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 121) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404241; rev:2033;)
alert tcp $HOME_NET any <> [74.117.174.79,74.117.174.82,74.117.174.85,74.117.174.90,74.117.174.99,74.117.63.238,74.122.159.122,74.138.104.142,74.204.160.210,74.208.101.128] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 122) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404242; rev:2033;)
alert udp $HOME_NET any <> [74.117.174.79,74.117.174.82,74.117.174.85,74.117.174.90,74.117.174.99,74.117.63.238,74.122.159.122,74.138.104.142,74.204.160.210,74.208.101.128] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 122) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404243; rev:2033;)
alert tcp $HOME_NET any <> [74.208.103.34,74.208.166.145,74.208.166.160,74.208.17.205,74.208.228.244,74.41.18.106,74.50.52.59,74.63.208.146,74.63.239.114,74.63.78.3] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 123) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404244; rev:2033;)
alert udp $HOME_NET any <> [74.208.103.34,74.208.166.145,74.208.166.160,74.208.17.205,74.208.228.244,74.41.18.106,74.50.52.59,74.63.208.146,74.63.239.114,74.63.78.3] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 123) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404245; rev:2033;)
alert tcp $HOME_NET any <> [74.86.250.59,74.86.250.60,74.86.250.61,74.86.250.62,74.86.250.63,75.102.26.70,75.118.123.95,75.148.241.253,75.150.126.241,75.150.46.25] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 124) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404246; rev:2033;)
alert udp $HOME_NET any <> [74.86.250.59,74.86.250.60,74.86.250.61,74.86.250.62,74.86.250.63,75.102.26.70,75.118.123.95,75.148.241.253,75.150.126.241,75.150.46.25] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 124) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404247; rev:2033;)
alert tcp $HOME_NET any <> [75.187.86.230,76.183.220.25,76.73.103.140,76.73.103.59,76.73.15.38,76.73.17.206,76.73.56.22,76.76.11.208,77.235.49.17,77.244.242.98] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 125) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404248; rev:2033;)
alert udp $HOME_NET any <> [75.187.86.230,76.183.220.25,76.73.103.140,76.73.103.59,76.73.15.38,76.73.17.206,76.73.56.22,76.76.11.208,77.235.49.17,77.244.242.98] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 125) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404249; rev:2033;)
alert tcp $HOME_NET any <> [77.244.252.171,77.59.219.91,77.79.12.224,77.91.225.143,77.91.226.45,77.91.227.234,78.129.223.131,78.129.228.10,78.129.228.16,78.129.228.23] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 126) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404250; rev:2033;)
alert udp $HOME_NET any <> [77.244.252.171,77.59.219.91,77.79.12.224,77.91.225.143,77.91.226.45,77.91.227.234,78.129.223.131,78.129.228.10,78.129.228.16,78.129.228.23] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 126) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404251; rev:2033;)
alert tcp $HOME_NET any <> [78.129.228.24,78.129.228.30,78.129.228.32,78.129.228.35,78.129.228.39,78.129.228.45,78.129.228.52,78.129.228.56,78.129.228.58,78.129.228.6] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 127) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404252; rev:2033;)
alert udp $HOME_NET any <> [78.129.228.24,78.129.228.30,78.129.228.32,78.129.228.35,78.129.228.39,78.129.228.45,78.129.228.52,78.129.228.56,78.129.228.58,78.129.228.6] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 127) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404253; rev:2033;)
alert tcp $HOME_NET any <> [78.129.228.64,78.129.228.65,78.129.228.7,78.129.239.80,78.157.104.207,78.24.188.201,78.24.217.169,78.46.21.247,78.46.40.163,78.46.74.78] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 128) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404254; rev:2033;)
alert udp $HOME_NET any <> [78.129.228.64,78.129.228.65,78.129.228.7,78.129.239.80,78.157.104.207,78.24.188.201,78.24.217.169,78.46.21.247,78.46.40.163,78.46.74.78] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 128) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404255; rev:2033;)
alert tcp $HOME_NET any <> [78.47.47.177,79.113.167.139,79.120.77.7,79.121.235.77,79.134.0.34,79.143.254.153,79.165.173.146,8.225.195.155,8.7.233.36,8.7.233.42] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 129) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404256; rev:2033;)
alert udp $HOME_NET any <> [78.47.47.177,79.113.167.139,79.120.77.7,79.121.235.77,79.134.0.34,79.143.254.153,79.165.173.146,8.225.195.155,8.7.233.36,8.7.233.42] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 129) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404257; rev:2033;)
alert tcp $HOME_NET any <> [8.7.233.43,8.7.233.44,8.7.233.45,8.8.247.40,80.101.63.84,80.126.201.245,80.13.162.101,80.154.61.188,80.162.11.155,80.179.146.140] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 130) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404258; rev:2033;)
alert udp $HOME_NET any <> [8.7.233.43,8.7.233.44,8.7.233.45,8.8.247.40,80.101.63.84,80.126.201.245,80.13.162.101,80.154.61.188,80.162.11.155,80.179.146.140] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 130) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404259; rev:2033;)
alert tcp $HOME_NET any <> [80.184.117.130,80.190.246.162,80.237.201.63,80.242.32.71,80.247.72.130,80.248.218.122,80.48.115.6,80.64.140.13,80.68.89.201,80.69.66.120] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 131) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404260; rev:2033;)
alert udp $HOME_NET any <> [80.184.117.130,80.190.246.162,80.237.201.63,80.242.32.71,80.247.72.130,80.248.218.122,80.48.115.6,80.64.140.13,80.68.89.201,80.69.66.120] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 131) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404261; rev:2033;)
alert tcp $HOME_NET any <> [80.69.82.126,80.71.245.245,80.86.81.184,80.92.100.145,81.169.136.37,81.169.168.122,81.169.182.216,81.169.183.179,81.18.129.4,81.18.164.79] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 132) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404262; rev:2033;)
alert udp $HOME_NET any <> [80.69.82.126,80.71.245.245,80.86.81.184,80.92.100.145,81.169.136.37,81.169.168.122,81.169.182.216,81.169.183.179,81.18.129.4,81.18.164.79] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 132) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404263; rev:2033;)
alert tcp $HOME_NET any <> [81.252.38.10,81.26.211.130,81.29.65.57,81.31.33.35,81.88.217.254,81.9.48.14,82.136.2.130,82.138.241.140,82.138.241.146,82.138.241.149] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 133) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404264; rev:2033;)
alert udp $HOME_NET any <> [81.252.38.10,81.26.211.130,81.29.65.57,81.31.33.35,81.88.217.254,81.9.48.14,82.136.2.130,82.138.241.140,82.138.241.146,82.138.241.149] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 133) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404265; rev:2033;)
alert tcp $HOME_NET any <> [82.138.241.150,82.146.48.13,82.146.49.176,82.146.49.202,82.146.49.98,82.146.51.114,82.146.51.130,82.146.51.132,82.146.51.147,82.146.52.136] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 134) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404266; rev:2033;)
alert udp $HOME_NET any <> [82.138.241.150,82.146.48.13,82.146.49.176,82.146.49.202,82.146.49.98,82.146.51.114,82.146.51.130,82.146.51.132,82.146.51.147,82.146.52.136] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 134) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404267; rev:2033;)
alert tcp $HOME_NET any <> [82.146.52.196,82.146.52.217,82.146.52.76,82.146.52.89,82.146.52.98,82.146.53.145,82.146.53.63,82.146.59.188,82.165.47.16,82.192.79.114] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 135) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404268; rev:2033;)
alert udp $HOME_NET any <> [82.146.52.196,82.146.52.217,82.146.52.76,82.146.52.89,82.146.52.98,82.146.53.145,82.146.53.63,82.146.59.188,82.165.47.16,82.192.79.114] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 135) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404269; rev:2033;)
alert tcp $HOME_NET any <> [82.197.82.176,82.197.82.177,82.23.22.245,82.230.41.47,82.76.255.62,82.78.186.30,82.80.231.202,82.94.222.186,82.96.75.46,83.103.99.9] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 136) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404270; rev:2033;)
alert udp $HOME_NET any <> [82.197.82.176,82.197.82.177,82.23.22.245,82.230.41.47,82.76.255.62,82.78.186.30,82.80.231.202,82.94.222.186,82.96.75.46,83.103.99.9] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 136) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404271; rev:2033;)
alert tcp $HOME_NET any <> [83.133.119.206,83.133.120.199,83.136.48.15,83.137.112.20,83.137.41.33,83.140.162.126,83.140.172.210,83.140.172.211,83.140.172.212,83.142.48.72] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 137) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404272; rev:2033;)
alert udp $HOME_NET any <> [83.133.119.206,83.133.120.199,83.136.48.15,83.137.112.20,83.137.41.33,83.140.162.126,83.140.172.210,83.140.172.211,83.140.172.212,83.142.48.72] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 137) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404273; rev:2033;)
alert tcp $HOME_NET any <> [83.142.85.10,83.149.112.71,83.149.234.76,83.16.34.202,83.170.81.10,83.170.81.4,83.170.81.7,83.170.84.107,83.170.84.12,83.170.84.9] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 138) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404274; rev:2033;)
alert udp $HOME_NET any <> [83.142.85.10,83.149.112.71,83.149.234.76,83.16.34.202,83.170.81.10,83.170.81.4,83.170.81.7,83.170.84.107,83.170.84.12,83.170.84.9] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 138) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404275; rev:2033;)
alert tcp $HOME_NET any <> [83.176.245.159,83.217.192.243,83.222.226.135,83.243.45.84,83.243.46.2,83.243.47.58,83.248.154.79,83.68.16.6,84.11.26.30,84.16.231.52] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 139) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404276; rev:2033;)
alert udp $HOME_NET any <> [83.176.245.159,83.217.192.243,83.222.226.135,83.243.45.84,83.243.46.2,83.243.47.58,83.248.154.79,83.68.16.6,84.11.26.30,84.16.231.52] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 139) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404277; rev:2033;)
alert tcp $HOME_NET any <> [84.19.172.60,84.19.182.112,84.19.183.112,84.200.208.182,84.200.225.70,84.200.225.80,84.200.225.85,84.200.242.4,84.201.7.15,84.232.6.70] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 140) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404278; rev:2033;)
alert udp $HOME_NET any <> [84.19.172.60,84.19.182.112,84.19.183.112,84.200.208.182,84.200.225.70,84.200.225.80,84.200.225.85,84.200.242.4,84.201.7.15,84.232.6.70] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 140) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404279; rev:2033;)
alert tcp $HOME_NET any <> [85.114.132.14,85.114.137.137,85.114.140.126,85.114.141.33,85.159.70.238,85.17.137.135,85.17.138.155,85.17.139.182,85.17.145.214,85.17.207.164] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 141) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404280; rev:2033;)
alert udp $HOME_NET any <> [85.114.132.14,85.114.137.137,85.114.140.126,85.114.141.33,85.159.70.238,85.17.137.135,85.17.138.155,85.17.139.182,85.17.145.214,85.17.207.164] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 141) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404281; rev:2033;)
alert tcp $HOME_NET any <> [85.17.7.34,85.17.93.147,85.17.93.22,85.195.108.223,85.195.37.98,85.196.7.112,85.196.81.19,85.196.81.211,85.196.81.9,85.214.102.20] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 142) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404282; rev:2033;)
alert udp $HOME_NET any <> [85.17.7.34,85.17.93.147,85.17.93.22,85.195.108.223,85.195.37.98,85.196.7.112,85.196.81.19,85.196.81.211,85.196.81.9,85.214.102.20] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 142) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404283; rev:2033;)
alert tcp $HOME_NET any <> [85.214.117.33,85.214.128.155,85.214.140.176,85.214.140.54,85.214.21.229,85.214.27.94,85.214.36.108,85.214.75.239,85.214.75.67,85.214.97.16] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 143) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404284; rev:2033;)
alert udp $HOME_NET any <> [85.214.117.33,85.214.128.155,85.214.140.176,85.214.140.54,85.214.21.229,85.214.27.94,85.214.36.108,85.214.75.239,85.214.75.67,85.214.97.16] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 143) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404285; rev:2033;)
alert tcp $HOME_NET any <> [85.236.110.226,85.236.110.228,85.24.148.106,85.24.148.125,85.25.10.63,85.25.131.169,85.25.224.38,85.25.236.217,85.82.217.198,86.104.11.104] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 144) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404286; rev:2033;)
alert udp $HOME_NET any <> [85.236.110.226,85.236.110.228,85.24.148.106,85.24.148.125,85.25.10.63,85.25.131.169,85.25.224.38,85.25.236.217,85.82.217.198,86.104.11.104] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 144) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404287; rev:2033;)
alert tcp $HOME_NET any <> [86.110.67.72,86.125.217.5,86.125.217.7,86.57.151.11,86.57.151.5,87.106.138.9,87.106.139.138,87.106.140.75,87.106.176.37,87.106.207.54] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 145) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404288; rev:2033;)
alert udp $HOME_NET any <> [86.110.67.72,86.125.217.5,86.125.217.7,86.57.151.11,86.57.151.5,87.106.138.9,87.106.139.138,87.106.140.75,87.106.176.37,87.106.207.54] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 145) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404289; rev:2033;)
alert tcp $HOME_NET any <> [87.106.61.8,87.106.89.66,87.118.124.140,87.118.126.87,87.118.87.98,87.118.89.3,87.118.97.207,87.124.86.31,87.227.96.214,87.228.16.218] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 146) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404290; rev:2033;)
alert udp $HOME_NET any <> [87.106.61.8,87.106.89.66,87.118.124.140,87.118.126.87,87.118.87.98,87.118.89.3,87.118.97.207,87.124.86.31,87.227.96.214,87.228.16.218] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 146) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404291; rev:2033;)
alert tcp $HOME_NET any <> [87.252.253.100,87.98.141.234,87.98.145.241,87.98.164.139,87.98.244.220,87.98.249.30,87.98.250.95,88.147.128.15,88.191.254.11,88.191.66.7] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 147) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404292; rev:2033;)
alert udp $HOME_NET any <> [87.252.253.100,87.98.141.234,87.98.145.241,87.98.164.139,87.98.244.220,87.98.249.30,87.98.250.95,88.147.128.15,88.191.254.11,88.191.66.7] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 147) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404293; rev:2033;)
alert tcp $HOME_NET any <> [88.191.67.99,88.198.93.235,88.255.104.162,88.255.104.171,88.255.104.172,88.80.5.41,88.87.21.40,89.144.96.87,89.149.201.156,89.149.226.157] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 148) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404294; rev:2033;)
alert udp $HOME_NET any <> [88.191.67.99,88.198.93.235,88.255.104.162,88.255.104.171,88.255.104.172,88.80.5.41,88.87.21.40,89.144.96.87,89.149.201.156,89.149.226.157] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 148) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404295; rev:2033;)
alert tcp $HOME_NET any <> [89.163.163.46,89.163.179.130,89.17.201.203,89.185.236.71,89.202.247.162,89.203.155.3,89.229.79.176,89.238.159.70,89.238.64.181,89.248.164.49] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 149) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404296; rev:2033;)
alert udp $HOME_NET any <> [89.163.163.46,89.163.179.130,89.17.201.203,89.185.236.71,89.202.247.162,89.203.155.3,89.229.79.176,89.238.159.70,89.238.64.181,89.248.164.49] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 149) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404297; rev:2033;)
alert tcp $HOME_NET any <> [89.248.166.44,89.29.204.242,91.121.0.76,91.121.100.100,91.121.107.112,91.121.115.74,91.121.143.15,91.121.158.18,91.121.158.80,91.121.166.117] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 150) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404298; rev:2033;)
alert udp $HOME_NET any <> [89.248.166.44,89.29.204.242,91.121.0.76,91.121.100.100,91.121.107.112,91.121.115.74,91.121.143.15,91.121.158.18,91.121.158.80,91.121.166.117] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 150) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404299; rev:2033;)
alert tcp $HOME_NET any <> [91.121.17.210,91.121.208.180,91.121.209.20,91.121.249.36,91.121.251.195,91.121.27.112,91.121.3.60,91.121.39.130,91.121.67.157,91.121.88.104] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 151) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404300; rev:2033;)
alert udp $HOME_NET any <> [91.121.17.210,91.121.208.180,91.121.209.20,91.121.249.36,91.121.251.195,91.121.27.112,91.121.3.60,91.121.39.130,91.121.67.157,91.121.88.104] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 151) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404301; rev:2033;)
alert tcp $HOME_NET any <> [91.121.89.104,91.121.96.150,91.121.96.182,91.121.96.69,91.149.157.69,91.188.59.193,91.194.66.8,91.194.85.186,91.196.111.5,91.200.42.28] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 152) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404302; rev:2033;)
alert udp $HOME_NET any <> [91.121.89.104,91.121.96.150,91.121.96.182,91.121.96.69,91.149.157.69,91.188.59.193,91.194.66.8,91.194.85.186,91.196.111.5,91.200.42.28] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 152) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404303; rev:2033;)
alert tcp $HOME_NET any <> [91.205.185.104,91.205.241.87,91.208.144.141,91.208.40.24,91.214.111.26,91.215.157.150,91.83.48.220,92.241.164.101,92.241.164.102,92.241.164.155] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 153) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404304; rev:2033;)
alert udp $HOME_NET any <> [91.205.185.104,91.205.241.87,91.208.144.141,91.208.40.24,91.214.111.26,91.215.157.150,91.83.48.220,92.241.164.101,92.241.164.102,92.241.164.155] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 153) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404305; rev:2033;)
alert tcp $HOME_NET any <> [92.241.164.83,92.241.165.157,92.241.180.65,92.241.184.17,92.241.190.231,92.241.190.90,92.243.2.46,92.243.21.112,92.243.23.21,92.243.8.212] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 154) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404306; rev:2033;)
alert udp $HOME_NET any <> [92.241.164.83,92.241.165.157,92.241.180.65,92.241.184.17,92.241.190.231,92.241.190.90,92.243.2.46,92.243.21.112,92.243.23.21,92.243.8.212] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 154) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404307; rev:2033;)
alert tcp $HOME_NET any <> [92.33.0.168,92.61.32.19,92.62.43.55,93.104.214.3,93.174.88.109,93.174.88.111,93.174.88.17,93.174.93.26,93.174.93.73,93.174.94.86] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 155) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404308; rev:2033;)
alert udp $HOME_NET any <> [92.33.0.168,92.61.32.19,92.62.43.55,93.104.214.3,93.174.88.109,93.174.88.111,93.174.88.17,93.174.93.26,93.174.93.73,93.174.94.86] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 155) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404309; rev:2033;)
alert tcp $HOME_NET any <> [93.174.94.87,93.189.105.234,93.190.138.42,93.190.138.52,93.190.206.138,93.62.62.208,94.102.55.131,94.102.55.222,94.102.58.24,94.103.155.83] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 156) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404310; rev:2033;)
alert udp $HOME_NET any <> [93.174.94.87,93.189.105.234,93.190.138.42,93.190.138.52,93.190.206.138,93.62.62.208,94.102.55.131,94.102.55.222,94.102.58.24,94.103.155.83] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 156) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404311; rev:2033;)
alert tcp $HOME_NET any <> [94.125.182.253,94.125.182.255,94.125.252.114,94.125.252.224,94.125.252.241,94.127.67.123,94.228.214.124,94.228.41.56,94.229.73.198,94.23.0.116] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 157) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404312; rev:2033;)
alert udp $HOME_NET any <> [94.125.182.253,94.125.182.255,94.125.252.114,94.125.252.224,94.125.252.241,94.127.67.123,94.228.214.124,94.228.41.56,94.229.73.198,94.23.0.116] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 157) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404313; rev:2033;)
alert tcp $HOME_NET any <> [94.23.120.229,94.23.148.187,94.23.149.99,94.23.15.100,94.23.153.223,94.23.154.132,94.23.154.167,94.23.157.150,94.23.158.247,94.23.22.62] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 158) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404314; rev:2033;)
alert udp $HOME_NET any <> [94.23.120.229,94.23.148.187,94.23.149.99,94.23.15.100,94.23.153.223,94.23.154.132,94.23.154.167,94.23.157.150,94.23.158.247,94.23.22.62] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 158) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404315; rev:2033;)
alert tcp $HOME_NET any <> [94.23.25.96,94.23.36.150,94.23.41.26,94.23.45.70,94.23.54.189,94.23.75.57,94.23.84.80,94.247.169.164,94.247.169.165,94.247.241.6] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 159) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404316; rev:2033;)
alert udp $HOME_NET any <> [94.23.25.96,94.23.36.150,94.23.41.26,94.23.45.70,94.23.54.189,94.23.75.57,94.23.84.80,94.247.169.164,94.247.169.165,94.247.241.6] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 159) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404317; rev:2033;)
alert tcp $HOME_NET any <> [94.46.127.1,94.47.254.1,94.73.48.201,94.75.205.140,94.75.206.129,94.76.225.80,95.131.66.179,95.143.192.165,95.154.194.41,95.168.163.235] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 160) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404318; rev:2033;)
alert udp $HOME_NET any <> [94.46.127.1,94.47.254.1,94.73.48.201,94.75.205.140,94.75.206.129,94.76.225.80,95.131.66.179,95.143.192.165,95.154.194.41,95.168.163.235] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 160) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404319; rev:2033;)
alert tcp $HOME_NET any <> [95.168.163.236,95.168.187.112,95.168.187.52,95.169.188.251,95.169.189.251,95.211.120.67,95.211.24.165,95.211.26.11,95.211.32.15,95.211.84.107] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 161) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404320; rev:2033;)
alert udp $HOME_NET any <> [95.168.163.236,95.168.187.112,95.168.187.52,95.169.188.251,95.169.189.251,95.211.120.67,95.211.24.165,95.211.26.11,95.211.32.15,95.211.84.107] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 161) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404321; rev:2033;)
alert tcp $HOME_NET any <> [95.211.84.108,95.211.84.164,95.211.85.119,95.211.97.206,96.23.36.245,96.248.60.29,97.107.129.187,97.107.130.165,97.107.132.56,98.142.242.183] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 162) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404322; rev:2033;)
alert udp $HOME_NET any <> [95.211.84.108,95.211.84.164,95.211.85.119,95.211.97.206,96.23.36.245,96.248.60.29,97.107.129.187,97.107.130.165,97.107.132.56,98.142.242.183] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 162) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404323; rev:2033;)
alert tcp $HOME_NET any <> [98.142.254.236,98.142.254.249,98.143.155.172,98.189.231.149,98.209.125.138,99.198.121.160,99.6.196.145] any (msg:"ET DROP Known Bot C&C Server Traffic TCP (group 163) "; flags:S; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404324; rev:2033;)
alert udp $HOME_NET any <> [98.142.254.236,98.142.254.249,98.143.155.172,98.189.231.149,98.209.125.138,99.198.121.160,99.6.196.145] any (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 163) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404325; rev:2033;)