alert tcp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [109.104.92.192,109.196.130.43,109.196.134.30,109.196.134.35,109.196.143.60,109.196.143.67,109.70.26.36,113.105.152.49,113.11.194.143,113.11.194.145,113.11.194.148,113.11.194.16,113.11.194.167,113.11.194.174,113.11.194.175,113.53.91.11,114.111.164.248,114.80.129.136,119.255.23.2,121.101.216.201,121.101.216.205,121.101.216.211,121.101.216.212,122.225.37.68,122.225.37.88,122.225.38.32,122.70.149.195,124.193.216.206,124.217.239.158,125.214.64.200,125.6.137.211] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 1";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240600; rev:1;)
alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [109.104.92.192,109.196.130.43,109.196.134.30,109.196.134.35,109.196.143.60,109.196.143.67,109.70.26.36,113.105.152.49,113.11.194.143,113.11.194.145,113.11.194.148,113.11.194.16,113.11.194.167,113.11.194.174,113.11.194.175,113.53.91.11,114.111.164.248,114.80.129.136,119.255.23.2,121.101.216.201,121.101.216.205,121.101.216.211,121.101.216.212,122.225.37.68,122.225.37.88,122.225.38.32,122.70.149.195,124.193.216.206,124.217.239.158,125.214.64.200,125.6.137.211] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 1";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240601; rev:1;)
alert tcp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [128.121.234.237,140.174.118.252,144.16.111.140,159.148.117.144,159.148.117.146,159.148.117.147,159.148.117.155,173.174.177.147,173.201.247.26,173.242.114.146,174.120.179.34,174.120.224.131,174.121.0.218,174.121.79.66,174.121.85.94,174.123.217.34,174.123.79.43,174.37.165.222,174.37.172.68,178.162.167.120,178.17.163.90,178.208.83.10,178.208.83.6,178.63.224.221,178.63.225.213,178.63.55.57,188.120.225.146,188.165.195.34,188.214.17.32,188.40.159.20,188.65.51.246] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 2";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240602; rev:1;)
alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [128.121.234.237,140.174.118.252,144.16.111.140,159.148.117.144,159.148.117.146,159.148.117.147,159.148.117.155,173.174.177.147,173.201.247.26,173.242.114.146,174.120.179.34,174.120.224.131,174.121.0.218,174.121.79.66,174.121.85.94,174.123.217.34,174.123.79.43,174.37.165.222,174.37.172.68,178.162.167.120,178.17.163.90,178.208.83.10,178.208.83.6,178.63.224.221,178.63.225.213,178.63.55.57,188.120.225.146,188.165.195.34,188.214.17.32,188.40.159.20,188.65.51.246] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 2";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240603; rev:1;)
alert tcp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [188.65.74.70,188.65.74.72,188.72.226.149,188.93.212.50,188.95.159.27,188.95.159.29,188.95.159.30,188.95.159.40,188.95.159.43,188.95.159.72,188.95.48.125,189.224.158.231,190.37.133.113,193.104.106.16,193.104.12.127,193.104.146.41,193.104.146.42,193.104.146.51,193.104.34.69,193.104.94.15,193.104.94.56,193.104.94.60,193.105.174.37,193.105.174.53,193.105.174.54,193.105.174.58,193.105.207.105,193.105.207.120,193.105.207.21,193.105.207.25,193.109.246.210] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 3";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240604; rev:1;)
alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [188.65.74.70,188.65.74.72,188.72.226.149,188.93.212.50,188.95.159.27,188.95.159.29,188.95.159.30,188.95.159.40,188.95.159.43,188.95.159.72,188.95.48.125,189.224.158.231,190.37.133.113,193.104.106.16,193.104.12.127,193.104.146.41,193.104.146.42,193.104.146.51,193.104.34.69,193.104.94.15,193.104.94.56,193.104.94.60,193.105.174.37,193.105.174.53,193.105.174.54,193.105.174.58,193.105.207.105,193.105.207.120,193.105.207.21,193.105.207.25,193.109.246.210] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 3";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240605; rev:1;)
alert tcp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [193.109.246.227,193.109.246.34,193.194.84.215,193.202.110.140,193.36.35.45,193.41.38.101,193.41.38.103,193.41.38.107,193.41.38.108,193.43.134.58,194.0.252.231,194.110.67.201,194.110.67.204,194.186.88.37,194.28.112.132,194.28.85.215,194.32.151.185,194.79.250.28,194.79.250.42,195.149.158.137,195.16.88.85,195.182.57.143,195.182.57.147,195.191.25.160,195.20.197.76,195.206.246.200,195.206.246.208,195.206.246.209,195.206.246.216,195.206.246.221,195.206.246.251] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 4";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240606; rev:1;)
alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [193.109.246.227,193.109.246.34,193.194.84.215,193.202.110.140,193.36.35.45,193.41.38.101,193.41.38.103,193.41.38.107,193.41.38.108,193.43.134.58,194.0.252.231,194.110.67.201,194.110.67.204,194.186.88.37,194.28.112.132,194.28.85.215,194.32.151.185,194.79.250.28,194.79.250.42,195.149.158.137,195.16.88.85,195.182.57.143,195.182.57.147,195.191.25.160,195.20.197.76,195.206.246.200,195.206.246.208,195.206.246.209,195.206.246.216,195.206.246.221,195.206.246.251] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 4";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240607; rev:1;)
alert tcp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [195.210.47.94,195.242.161.206,195.242.161.44,195.5.161.158,195.5.161.181,195.5.161.186,195.5.161.194,195.5.161.196,195.5.161.200,195.5.161.201,195.5.161.206,195.5.161.223,195.5.161.225,195.5.161.227,195.5.161.228,195.5.161.5,195.5.161.68,195.5.161.72,195.64.184.15,195.93.180.252,195.98.50.102,200.195.192.45,200.42.211.7,200.72.1.94,202.71.251.46,204.12.250.34,205.134.252.251,205.178.189.129,205.234.243.220,207.182.140.197,207.55.247.216] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 5";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240608; rev:1;)
alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [195.210.47.94,195.242.161.206,195.242.161.44,195.5.161.158,195.5.161.181,195.5.161.186,195.5.161.194,195.5.161.196,195.5.161.200,195.5.161.201,195.5.161.206,195.5.161.223,195.5.161.225,195.5.161.227,195.5.161.228,195.5.161.5,195.5.161.68,195.5.161.72,195.64.184.15,195.93.180.252,195.98.50.102,200.195.192.45,200.42.211.7,200.72.1.94,202.71.251.46,204.12.250.34,205.134.252.251,205.178.189.129,205.234.243.220,207.182.140.197,207.55.247.216] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 5";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240609; rev:1;)
alert tcp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [207.58.132.114,207.58.177.96,208.101.19.98,208.101.9.140,208.110.72.86,208.110.86.246,208.111.39.110,208.73.210.28,208.78.242.184,208.82.117.89,209.172.59.131,209.190.73.87,209.51.195.117,210.116.103.118,210.19.202.202,210.48.149.26,210.51.166.225,212.103.194.188,212.117.165.219,212.117.174.163,212.13.195.55,212.193.230.207,212.252.32.68,212.252.32.69,212.252.32.71,213.155.24.236,213.186.33.87,213.202.225.90,216.12.207.250,216.218.207.155,216.250.243.62] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 6";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240610; rev:1;)
alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [207.58.132.114,207.58.177.96,208.101.19.98,208.101.9.140,208.110.72.86,208.110.86.246,208.111.39.110,208.73.210.28,208.78.242.184,208.82.117.89,209.172.59.131,209.190.73.87,209.51.195.117,210.116.103.118,210.19.202.202,210.48.149.26,210.51.166.225,212.103.194.188,212.117.165.219,212.117.174.163,212.13.195.55,212.193.230.207,212.252.32.68,212.252.32.69,212.252.32.71,213.155.24.236,213.186.33.87,213.202.225.90,216.12.207.250,216.218.207.155,216.250.243.62] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 6";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240611; rev:1;)
alert tcp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [216.40.33.31,216.55.164.20,217.16.28.65,217.174.103.232,217.174.104.187,218.240.28.46,218.240.28.7,218.240.43.149,218.93.205.118,218.93.248.112,218.94.11.45,220.168.198.195,221.10.252.223,221.122.79.40,221.122.79.61,221.139.49.73,24.225.3.230,41.140.113.192,58.223.143.148,58.23.64.233,59.53.91.121,59.53.91.130,59.53.91.188,59.53.91.195,61.4.82.170,61.4.82.210,61.63.60.123,62.193.226.206,62.93.239.57,64.118.87.10,64.120.227.154] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 7";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240612; rev:1;)
alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [216.40.33.31,216.55.164.20,217.16.28.65,217.174.103.232,217.174.104.187,218.240.28.46,218.240.28.7,218.240.43.149,218.93.205.118,218.93.248.112,218.94.11.45,220.168.198.195,221.10.252.223,221.122.79.40,221.122.79.61,221.139.49.73,24.225.3.230,41.140.113.192,58.223.143.148,58.23.64.233,59.53.91.121,59.53.91.130,59.53.91.188,59.53.91.195,61.4.82.170,61.4.82.210,61.63.60.123,62.193.226.206,62.93.239.57,64.118.87.10,64.120.227.154] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 7";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240613; rev:1;)
alert tcp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [64.186.131.206,64.186.135.207,64.191.26.135,64.233.167.99,64.40.123.31,64.62.181.43,64.70.19.33,64.74.223.36,64.79.79.227,64.90.182.185,64.95.64.197,66.135.32.248,66.135.37.211,66.197.240.53,66.197.250.230,66.7.221.26,66.96.146.81,66.96.146.90,67.214.161.149,67.228.130.45,67.23.178.54,67.59.188.60,68.168.222.158,68.180.151.96,69.120.2.123,69.161.142.177,69.163.153.121,69.167.177.160,69.170.135.92,69.174.242.21,69.174.245.148] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 8";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240614; rev:1;)
alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [64.186.131.206,64.186.135.207,64.191.26.135,64.233.167.99,64.40.123.31,64.62.181.43,64.70.19.33,64.74.223.36,64.79.79.227,64.90.182.185,64.95.64.197,66.135.32.248,66.135.37.211,66.197.240.53,66.197.250.230,66.7.221.26,66.96.146.81,66.96.146.90,67.214.161.149,67.228.130.45,67.23.178.54,67.59.188.60,68.168.222.158,68.180.151.96,69.120.2.123,69.161.142.177,69.163.153.121,69.167.177.160,69.170.135.92,69.174.242.21,69.174.245.148] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 8";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240615; rev:1;)
alert tcp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [69.175.108.234,69.175.122.178,69.175.6.102,69.175.99.42,69.50.217.210,69.50.217.91,69.64.62.50,69.65.40.138,69.65.42.85,69.80.228.12,69.94.110.5,70.84.62.194,70.85.52.99,71.205.41.75,71.80.207.153,72.14.207.121,72.167.165.222,72.240.198.39,72.249.83.84,72.29.89.43,72.3.182.114,72.47.200.226,72.47.209.133,72.52.208.117,74.200.72.170,74.50.49.34,74.50.99.232,74.52.107.114,74.53.203.66,74.54.82.223,74.54.82.224] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 9";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240616; rev:1;)
alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [69.175.108.234,69.175.122.178,69.175.6.102,69.175.99.42,69.50.217.210,69.50.217.91,69.64.62.50,69.65.40.138,69.65.42.85,69.80.228.12,69.94.110.5,70.84.62.194,70.85.52.99,71.205.41.75,71.80.207.153,72.14.207.121,72.167.165.222,72.240.198.39,72.249.83.84,72.29.89.43,72.3.182.114,72.47.200.226,72.47.209.133,72.52.208.117,74.200.72.170,74.50.49.34,74.50.99.232,74.52.107.114,74.53.203.66,74.54.82.223,74.54.82.224] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 9";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240617; rev:1;)
alert tcp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [75.125.118.158,75.125.183.194,75.126.137.166,76.76.101.70,76.76.96.188,76.76.99.91,77.109.85.227,77.221.140.102,77.221.140.15,77.222.40.206,77.222.56.126,77.234.201.89,77.235.43.185,77.78.193.12,77.78.239.3,77.78.240.115,77.78.240.152,77.78.240.172,77.78.248.74,77.78.249.130,77.78.249.30,77.92.93.2,78.129.174.227,78.24.222.123,78.39.243.50,78.46.42.233,79.5.97.184,8.5.1.36,80.6.22.239,80.74.142.85,80.82.17.136] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 10";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240618; rev:1;)
alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [75.125.118.158,75.125.183.194,75.126.137.166,76.76.101.70,76.76.96.188,76.76.99.91,77.109.85.227,77.221.140.102,77.221.140.15,77.222.40.206,77.222.56.126,77.234.201.89,77.235.43.185,77.78.193.12,77.78.239.3,77.78.240.115,77.78.240.152,77.78.240.172,77.78.248.74,77.78.249.130,77.78.249.30,77.92.93.2,78.129.174.227,78.24.222.123,78.39.243.50,78.46.42.233,79.5.97.184,8.5.1.36,80.6.22.239,80.74.142.85,80.82.17.136] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 10";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240619; rev:1;)
alert tcp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [80.86.198.13,80.93.62.127,81.169.132.184,81.177.33.156,81.196.20.134,81.252.196.50,81.38.245.237,82.98.86.167,83.170.112.218,83.172.144.47,83.222.127.70,83.245.63.121,83.98.128.109,85.112.126.15,85.112.126.8,85.114.143.39,85.114.143.43,85.12.24.87,85.12.24.89,85.17.92.35,85.234.190.52,86.110.96.29,86.55.211.116,86.55.211.117,87.117.200.206,87.118.84.17,87.242.73.96,87.98.253.89,88.191.14.154,88.191.30.24,88.191.37.200] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 11";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240620; rev:1;)
alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [80.86.198.13,80.93.62.127,81.169.132.184,81.177.33.156,81.196.20.134,81.252.196.50,81.38.245.237,82.98.86.167,83.170.112.218,83.172.144.47,83.222.127.70,83.245.63.121,83.98.128.109,85.112.126.15,85.112.126.8,85.114.143.39,85.114.143.43,85.12.24.87,85.12.24.89,85.17.92.35,85.234.190.52,86.110.96.29,86.55.211.116,86.55.211.117,87.117.200.206,87.118.84.17,87.242.73.96,87.98.253.89,88.191.14.154,88.191.30.24,88.191.37.200] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 11";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240621; rev:1;)
alert tcp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [88.191.38.208,88.198.28.14,89.108.68.81,89.149.242.192,89.169.108.167,89.19.29.60,91.121.147.142,91.121.96.212,91.188.59.197,91.188.59.50,91.188.60.179,91.194.0.101,91.194.0.102,91.194.0.107,91.194.0.109,91.194.0.12,91.194.0.155,91.194.0.160,91.194.0.166,91.194.0.200,91.194.0.21,91.194.0.22,91.194.0.220,91.194.0.222,91.194.0.223,91.194.0.23,91.194.0.24,91.194.0.25,91.194.0.29,91.194.0.30,91.194.0.31] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 12";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240622; rev:1;)
alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [88.191.38.208,88.198.28.14,89.108.68.81,89.149.242.192,89.169.108.167,89.19.29.60,91.121.147.142,91.121.96.212,91.188.59.197,91.188.59.50,91.188.60.179,91.194.0.101,91.194.0.102,91.194.0.107,91.194.0.109,91.194.0.12,91.194.0.155,91.194.0.160,91.194.0.166,91.194.0.200,91.194.0.21,91.194.0.22,91.194.0.220,91.194.0.222,91.194.0.223,91.194.0.23,91.194.0.24,91.194.0.25,91.194.0.29,91.194.0.30,91.194.0.31] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 12";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240623; rev:1;)
alert tcp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [91.194.0.32,91.194.0.33,91.194.0.40,91.194.0.5,91.198.106.196,91.198.127.68,91.207.220.74,91.207.5.234,91.209.238.28,91.211.117.144,91.211.119.176,91.212.198.173,91.212.213.3,91.212.220.30,91.212.41.14,91.213.117.195,91.213.174.10,91.213.174.107,91.213.174.115,91.213.174.19,91.213.174.220,91.213.174.6,91.213.174.9,91.216.215.100,91.216.215.66,91.216.215.71,91.216.215.77,91.216.215.80,91.218.228.15,91.218.38.161,92.38.229.94] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 13";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240624; rev:1;)
alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [91.194.0.32,91.194.0.33,91.194.0.40,91.194.0.5,91.198.106.196,91.198.127.68,91.207.220.74,91.207.5.234,91.209.238.28,91.211.117.144,91.211.119.176,91.212.198.173,91.212.213.3,91.212.220.30,91.212.41.14,91.213.117.195,91.213.174.10,91.213.174.107,91.213.174.115,91.213.174.19,91.213.174.220,91.213.174.6,91.213.174.9,91.216.215.100,91.216.215.66,91.216.215.71,91.216.215.77,91.216.215.80,91.218.228.15,91.218.38.161,92.38.229.94] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 13";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240625; rev:1;)
alert tcp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [92.53.106.14,92.60.176.41,92.60.177.241,92.61.149.248,92.63.103.182,93.186.104.46,93.187.141.43,94.126.40.154,94.244.1.12,94.59.120.99,94.75.229.230,94.75.242.71,95.211.129.43,95.211.129.96,95.211.87.202,95.56.239.66,95.88.20.8,97.100.186.88,98.124.198.1] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 14";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240626; rev:1;)
alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> [92.53.106.14,92.60.176.41,92.60.177.241,92.61.149.248,92.63.103.182,93.186.104.46,93.187.141.43,94.126.40.154,94.244.1.12,94.59.120.99,94.75.229.230,94.75.242.71,95.211.129.43,95.211.129.96,95.211.87.202,95.56.239.66,95.88.20.8,97.100.186.88,98.124.198.1] any (msg: "MALWARE internal machine attempting to contact Zeus cmd and cntrl 14";reference:url,zeustracker.abuse.ch; threshold: type limit, track by_src, seconds 60, count 1; tag: host,30,seconds,src; classtype:misc-attack; sid:1240627; rev:1;)