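# ZeuS command-and-control IP watchlist (Snort rules, sids 1240600-1240613).
#
# Layout
#   The destination addresses are split into seven groups. Each group has one
#   tcp rule (even sid) and one udp rule (odd sid) carrying the same address
#   list and the same msg suffix ("... cntrl N").
#
# What each rule matches
#   source       any address NOT in $SMTP_SERVERS or $DNS_SERVERS, any port
#   destination  any address in the group's list, any port
#   There is no flow, port or content constraint, so a single packet is enough
#   to alert (for tcp that includes an unanswered SYN). Read an alert as
#   "attempted contact with a listed address", not "confirmed C2 session".
#
# Options
#   threshold: type limit, track by_src, seconds 60, count 1
#       at most one alert per source address per 60 seconds.
#   tag: host,30,seconds,src
#       after an alert, keep logging the source host's packets for 30 seconds
#       so the analyst has follow-on traffic to triage.
#
# Deployment notes
#   - Every rule must sit on ONE physical line (or use backslash continuation).
#     A line break inside the address list, the msg string or the option list
#     stops the rule from loading, which silently removes that coverage.
#   - The source is not limited to $HOME_NET even though msg says "internal
#     machine". $SMTP_SERVERS and $DNS_SERVERS must name the actual servers;
#     where they are left equal to $HOME_NET (a common stock default, confirm
#     in your snort.conf) the negation excludes the whole internal network.
#   - This is a static, point-in-time list and the referenced tracker feed has
#     since been retired by abuse.ch. Addresses get reassigned and several are
#     shared hosting, so corroborate with host or proxy evidence before acting.
#   - NOTE(review): some entries (for example 111.111.111.111) look like
#     placeholder or shared-infrastructure addresses. TODO confirm or prune.
#   - The in-rule "threshold" keyword is deprecated in later Snort 2.x in
#     favour of event_filter / detection_filter; check the sensor version.

# Group 1
alert tcp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [108.59.255.135,109.127.8.242,109.127.8.243,109.127.8.246,109.163.226.229,109.169.58.188,109.234.153.132,109.73.106.6,111.111.111.111,111.90.149.103,112.78.2.97,122.155.13.130,140.113.207.143,146.0.74.63,151.97.190.239,17.3.75.211,173.192.206.162,173.213.112.146,173.213.114.235,173.213.76.148,173.213.76.153,173.230.130.203,173.230.138.6,173.230.142.70,173.230.146.122,173.230.253.193,173.243.112.20,173.248.190.190,173.255.233.125,173.255.241.48,173.255.255.40] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 1";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240600; rev:1;)
alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [108.59.255.135,109.127.8.242,109.127.8.243,109.127.8.246,109.163.226.229,109.169.58.188,109.234.153.132,109.73.106.6,111.111.111.111,111.90.149.103,112.78.2.97,122.155.13.130,140.113.207.143,146.0.74.63,151.97.190.239,17.3.75.211,173.192.206.162,173.213.112.146,173.213.114.235,173.213.76.148,173.213.76.153,173.230.130.203,173.230.138.6,173.230.142.70,173.230.146.122,173.230.253.193,173.243.112.20,173.248.190.190,173.255.233.125,173.255.241.48,173.255.255.40] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 1";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240601; rev:1;)

# Group 2
alert tcp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [173.44.34.184,174.120.207.131,174.121.2.194,174.129.231.95,174.133.24.18,174.136.1.54,174.140.171.117,174.36.11.203,176.65.156.68,176.9.80.5,178.159.240.240,178.162.184.244,178.17.166.218,178.18.249.23,178.18.249.29,178.208.77.73,178.216.49.103,178.79.171.170,178.79.182.170,178.86.20.24,184.107.53.150,184.154.231.4,184.171.248.47,184.22.200.118,184.22.248.194,184.82.106.252,184.82.14.170,184.82.149.128,188.190.126.172,188.219.154.228,188.247.135.53] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 2";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240602; rev:1;)
alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [173.44.34.184,174.120.207.131,174.121.2.194,174.129.231.95,174.133.24.18,174.136.1.54,174.140.171.117,174.36.11.203,176.65.156.68,176.9.80.5,178.159.240.240,178.162.184.244,178.17.166.218,178.18.249.23,178.18.249.29,178.208.77.73,178.216.49.103,178.79.171.170,178.79.182.170,178.86.20.24,184.107.53.150,184.154.231.4,184.171.248.47,184.22.200.118,184.22.248.194,184.82.106.252,184.82.14.170,184.82.149.128,188.190.126.172,188.219.154.228,188.247.135.53] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 2";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240603; rev:1;)

# Group 3
alert tcp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [188.247.135.58,188.247.135.74,188.72.233.118,188.95.159.90,193.105.134.193,193.106.172.79,193.106.174.223,193.106.174.224,193.19.92.215,193.39.78.193,194.186.88.49,195.211.196.179,195.3.146.34,195.64.184.61,195.88.191.31,195.98.59.77,199.115.229.188,199.19.214.56,199.2.137.134,203.121.165.16,203.27.227.92,207.210.96.45,208.115.212.189,208.43.90.50,208.73.210.147,208.91.197.191,209.59.212.11,209.59.212.60,209.59.213.48,209.59.216.103,209.59.217.134] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 3";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240604; rev:1;)
alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [188.247.135.58,188.247.135.74,188.72.233.118,188.95.159.90,193.105.134.193,193.106.172.79,193.106.174.223,193.106.174.224,193.19.92.215,193.39.78.193,194.186.88.49,195.211.196.179,195.3.146.34,195.64.184.61,195.88.191.31,195.98.59.77,199.115.229.188,199.19.214.56,199.2.137.134,203.121.165.16,203.27.227.92,207.210.96.45,208.115.212.189,208.43.90.50,208.73.210.147,208.91.197.191,209.59.212.11,209.59.212.60,209.59.213.48,209.59.216.103,209.59.217.134] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 3";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240605; rev:1;)

# Group 4
alert tcp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [209.59.218.179,210.211.108.215,212.1.208.20,212.113.36.209,212.225.213.253,213.155.26.248,213.155.3.80,213.189.197.70,213.85.31.123,216.172.169.44,216.176.100.240,216.215.112.149,216.246.77.218,216.98.150.33,31.170.161.76,31.3.153.148,31.31.196.27,46.102.247.124,46.163.79.43,46.166.131.169,46.166.148.131,46.166.160.111,46.166.160.97,46.17.96.223,46.4.239.113,50.116.0.83,50.2.7.147,61.244.48.34,61.74.61.46,62.109.0.144,62.149.140.178] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 4";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240606; rev:1;)
alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [209.59.218.179,210.211.108.215,212.1.208.20,212.113.36.209,212.225.213.253,213.155.26.248,213.155.3.80,213.189.197.70,213.85.31.123,216.172.169.44,216.176.100.240,216.215.112.149,216.246.77.218,216.98.150.33,31.170.161.76,31.3.153.148,31.31.196.27,46.102.247.124,46.163.79.43,46.166.131.169,46.166.148.131,46.166.160.111,46.166.160.97,46.17.96.223,46.4.239.113,50.116.0.83,50.2.7.147,61.244.48.34,61.74.61.46,62.109.0.144,62.149.140.178] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 4";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240607; rev:1;)

# Group 5
alert tcp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [62.149.140.179,64.120.175.209,64.202.107.109,64.251.28.43,64.37.57.95,65.254.63.226,65.254.63.251,65.254.63.63,66.150.164.114,66.197.144.38,66.228.33.254,66.228.55.60,66.228.58.151,66.228.62.37,66.96.160.142,67.228.179.250,67.230.173.202,68.169.37.118,69.163.45.129,69.164.203.182,70.39.121.199,72.22.82.136,74.207.228.142,74.207.234.119,74.207.237.220,74.55.82.192,74.82.193.98,77.222.43.110,77.74.199.61,77.79.4.100,77.79.9.23] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 5";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240608; rev:1;)
alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [62.149.140.179,64.120.175.209,64.202.107.109,64.251.28.43,64.37.57.95,65.254.63.226,65.254.63.251,65.254.63.63,66.150.164.114,66.197.144.38,66.228.33.254,66.228.55.60,66.228.58.151,66.228.62.37,66.96.160.142,67.228.179.250,67.230.173.202,68.169.37.118,69.163.45.129,69.164.203.182,70.39.121.199,72.22.82.136,74.207.228.142,74.207.234.119,74.207.237.220,74.55.82.192,74.82.193.98,77.222.43.110,77.74.199.61,77.79.4.100,77.79.9.23] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 5";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240609; rev:1;)

# Group 6
alert tcp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [78.189.218.14,78.189.235.94,80.78.242.12,80.82.64.71,80.93.57.195,81.177.139.161,81.222.215.236,82.144.222.112,82.98.86.167,82.98.86.172,82.98.86.173,83.69.233.207,85.183.254.9,87.117.198.73,87.242.73.219,88.181.114.175,88.191.69.21,88.191.93.133,88.198.134.42,89.108.67.176,89.149.223.165,89.25.68.209,89.32.144.213,89.46.251.146,89.46.251.158,89.46.251.169,91.193.72.64,91.194.40.70,91.201.60.30,91.203.147.205,91.211.117.143] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 6";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240610; rev:1;)
alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [78.189.218.14,78.189.235.94,80.78.242.12,80.82.64.71,80.93.57.195,81.177.139.161,81.222.215.236,82.144.222.112,82.98.86.167,82.98.86.172,82.98.86.173,83.69.233.207,85.183.254.9,87.117.198.73,87.242.73.219,88.181.114.175,88.191.69.21,88.191.93.133,88.198.134.42,89.108.67.176,89.149.223.165,89.25.68.209,89.32.144.213,89.46.251.146,89.46.251.158,89.46.251.169,91.193.72.64,91.194.40.70,91.201.60.30,91.203.147.205,91.211.117.143] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 6";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240611; rev:1;)

# Group 7
alert tcp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [91.213.8.56,91.217.82.143,91.217.82.156,91.226.116.47,91.226.212.115,91.226.88.196,91.226.88.198,91.226.97.153,91.227.16.17,91.228.160.170,91.228.160.201,91.229.90.3,92.114.200.165,92.241.168.167,92.241.177.35,92.38.209.184,92.38.226.16,92.46.62.198,93.90.82.2,94.199.48.152,94.56.64.219,94.63.149.48,95.0.130.220,95.211.129.56,95.57.120.135,95.57.120.139,95.57.120.214,96.126.113.162,96.126.117.64,96.126.124.209,98.138.19.88] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 7";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240612; rev:1;)
alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [91.213.8.56,91.217.82.143,91.217.82.156,91.226.116.47,91.226.212.115,91.226.88.196,91.226.88.198,91.226.97.153,91.227.16.17,91.228.160.170,91.228.160.201,91.229.90.3,92.114.200.165,92.241.168.167,92.241.177.35,92.38.209.184,92.38.226.16,92.46.62.198,93.90.82.2,94.199.48.152,94.56.64.219,94.63.149.48,95.0.130.220,95.211.129.56,95.57.120.135,95.57.120.139,95.57.120.214,96.126.113.162,96.126.117.64,96.126.124.209,98.138.19.88] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 7";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240613; rev:1;)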