Filename: 2018-08-07-Rig-EK-infection-traffic-2nd-run.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 26.634251833 seconds
Hash: 0d47ccd40e43f66b0a39c898eaa1902e
Uploaded: 1542473589

Logfiles


suricata-report-2018-11-17-T-16-53-36-11172018.1653-2018-08-07-Rig-EK-infection-traffic-2nd-run.pcap.txt - (18048 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/0d47ccd40e43f66b0a39c898eaa1902e56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11172018.1653-2018-08-07-Rig-EK-infection-traffic-2nd-run.pcap -vvv -k none
elapsedtime:25.544847
stderr:
stdout:
17/11/2018 -- 16:53:10 - <Info> - Configuration node 'rule-files' redefined.
17/11/2018 -- 16:53:10 - <Notice> - This is Suricata version 4.0.0 RELEASE
17/11/2018 -- 16:53:10 - <Info> - CPUs/cores online: 1
17/11/2018 -- 16:53:10 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32224 and 'request-body-inspect-window' set to 16639 after randomization.
17/11/2018 -- 16:53:10 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32803 and 'response-body-inspect-window' set to 16334 after randomization.
17/11/2018 -- 16:53:10 - <Config> - DNS request flood protection level: 500
17/11/2018 -- 16:53:10 - <Config> - DNS per flow memcap (state-memcap): 524288
17/11/2018 -- 16:53:10 - <Config> - DNS global memcap: 16777216
17/11/2018 -- 16:53:10 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
17/11/2018 -- 16:53:10 - <Config> - preallocated 1000 hosts of size 136
17/11/2018 -- 16:53:10 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
17/11/2018 -- 16:53:10 - <Config> - using magic-file /usr/share/file/magic
17/11/2018 -- 16:53:10 - <Config> - Core dump size is unlimited.
17/11/2018 -- 16:53:10 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
17/11/2018 -- 16:53:10 - <Config> - preallocated 1000 defrag trackers of size 168
17/11/2018 -- 16:53:10 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
17/11/2018 -- 16:53:10 - <Config> - stream "prealloc-sessions": 2048 (per thread)
17/11/2018 -- 16:53:10 - <Config> - stream "memcap": 33554432
17/11/2018 -- 16:53:10 - <Config> - stream "midstream" session pickups: disabled
17/11/2018 -- 16:53:10 - <Config> - stream "async-oneside": disabled
17/11/2018 -- 16:53:10 - <Config> - stream "checksum-validation": disabled
17/11/2018 -- 16:53:10 - <Config> - stream."inline": disabled
17/11/2018 -- 16:53:10 - <Config> - stream "bypass": disabled
17/11/2018 -- 16:53:10 - <Config> - stream "max-synack-queued": 5
17/11/2018 -- 16:53:10 - <Config> - stream.reassembly "memcap": 134217728
17/11/2018 -- 16:53:10 - <Config> - stream.reassembly "depth": 0
17/11/2018 -- 16:53:10 - <Config> - stream.reassembly "toserver-chunk-size": 2558
17/11/2018 -- 16:53:10 - <Config> - stream.reassembly "toclient-chunk-size": 2599
17/11/2018 -- 16:53:10 - <Config> - stream.reassembly.raw: enabled
17/11/2018 -- 16:53:10 - <Config> - stream.reassembly "segment-prealloc": 2048
17/11/2018 -- 16:53:10 - <Config> - Delayed detect disabled
17/11/2018 -- 16:53:10 - <Config> - pattern matchers: MPM: ac, SPM: bm
17/11/2018 -- 16:53:10 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
17/11/2018 -- 16:53:10 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
17/11/2018 -- 16:53:10 - <Config> - prefilter engines: MPM
17/11/2018 -- 16:53:10 - <Config> - IP reputation disabled
17/11/2018 -- 16:53:10 - <Perf> - Registered 148 keyword profiling counters.
17/11/2018 -- 16:53:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
17/11/2018 -- 16:53:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
17/11/2018 -- 16:53:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
17/11/2018 -- 16:53:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
17/11/2018 -- 16:53:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
17/11/2018 -- 16:53:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
17/11/2018 -- 16:53:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
17/11/2018 -- 16:53:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
17/11/2018 -- 16:53:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
17/11/2018 -- 16:53:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
17/11/2018 -- 16:53:16 - <Config> - No rules loaded from ET-icmp.rules.
17/11/2018 -- 16:53:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
17/11/2018 -- 16:53:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
17/11/2018 -- 16:53:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
17/11/2018 -- 16:53:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
17/11/2018 -- 16:53:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
17/11/2018 -- 16:53:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
17/11/2018 -- 16:53:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
17/11/2018 -- 16:53:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
17/11/2018 -- 16:53:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
17/11/2018 -- 16:53:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
17/11/2018 -- 16:53:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
17/11/2018 -- 16:53:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
17/11/2018 -- 16:53:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
17/11/2018 -- 16:53:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
17/11/2018 -- 16:53:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
17/11/2018 -- 16:53:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
17/11/2018 -- 16:53:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
17/11/2018 -- 16:53:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
17/11/2018 -- 16:53:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
17/11/2018 -- 16:53:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
17/11/2018 -- 16:53:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
17/11/2018 -- 16:53:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
17/11/2018 -- 16:53:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
17/11/2018 -- 16:53:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
17/11/2018 -- 16:53:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
17/11/2018 -- 16:53:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
17/11/2018 -- 16:53:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
17/11/2018 -- 16:53:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
17/11/2018 -- 16:53:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
17/11/2018 -- 16:53:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
17/11/2018 -- 16:53:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
17/11/2018 -- 16:53:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
17/11/2018 -- 16:53:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
17/11/2018 -- 16:53:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
17/11/2018 -- 16:53:23 - <Config> - No rules loaded from local.rules.
17/11/2018 -- 16:53:23 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
17/11/2018 -- 16:53:23 - <Info> - Threshold config parsed: 0 rule(s) found
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for tcp-packet
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for tcp-stream
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for udp-packet
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for other-ip
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_uri
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_request_line
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_client_body
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_response_line
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_header
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_header
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_header_names
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_header_names
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_accept
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_accept_enc
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_accept_lang
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_referer
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_connection
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_content_len
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_content_len
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_content_type
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_content_type
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_protocol
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_protocol
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_start
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_start
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_raw_header
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_raw_header
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_method
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_cookie
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_cookie
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_raw_uri
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_user_agent
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_host
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_raw_host
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_stat_msg
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_stat_code
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for dns_query
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for tls_sni
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for tls_cert_issuer
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for tls_cert_subject
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for tls_cert_serial
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for dce_stub_data
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for dce_stub_data
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for ssh_protocol
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for ssh_protocol
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for ssh_software
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for ssh_software
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for file_data
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for file_data
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_request_line
17/11/2018 -- 16:53:24 - <Perf> - using shared mpm ctx' for http_response_line
17/11/2018 -- 16:53:24 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
17/11/2018 -- 16:53:24 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
17/11/2018 -- 16:53:24 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
17/11/2018 -- 16:53:24 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
17/11/2018 -- 16:53:24 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
17/11/2018 -- 16:53:24 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
17/11/2018 -- 16:53:24 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
17/11/2018 -- 16:53:24 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
17/11/2018 -- 16:53:30 - <Perf> - Unique rule groups: 104
17/11/2018 -- 16:53:30 - <Perf> - Builtin MPM "toserver TCP packet": 35
17/11/2018 -- 16:53:30 - <Perf> - Builtin MPM "toclient TCP packet": 17
17/11/2018 -- 16:53:30 - <Perf> - Builtin MPM "toserver TCP stream": 33
17/11/2018 -- 16:53:30 - <Perf> - Builtin MPM "toclient TCP stream": 19
17/11/2018 -- 16:53:30 - <Perf> - Builtin MPM "toserver UDP packet": 27
17/11/2018 -- 16:53:30 - <Perf> - Builtin MPM "toclient UDP packet": 17
17/11/2018 -- 16:53:30 - <Perf> - Builtin MPM "other IP packet": 3
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toserver http_uri": 14
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toserver http_request_line": 1
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toserver http_client_body": 6
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toclient http_response_line": 1
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toserver http_header": 10
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toclient http_header": 6
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toserver http_header_names": 2
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toserver http_accept": 1
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toserver http_referer": 1
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toserver http_content_len": 1
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toserver http_content_type": 1
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toclient http_content_type": 1
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toserver http_protocol": 1
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toserver http_start": 1
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toserver http_method": 5
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toserver http_cookie": 1
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toclient http_cookie": 2
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toserver http_host": 2
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toserver dns_query": 4
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toserver tls_sni": 2
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toserver file_data": 1
17/11/2018 -- 16:53:30 - <Perf> - AppLayer MPM "toclient file_data": 7
17/11/2018 -- 16:53:33 - <Perf> - Registered 39590 rule profiling counters.
17/11/2018 -- 16:53:33 - <Info> - fast output device (regular) initialized: alert
17/11/2018 -- 16:53:33 - <Info> - eve-log output device (regular) initialized: eve.json
17/11/2018 -- 16:53:33 - <Config> - enabling 'eve-log' module 'alert'
17/11/2018 -- 16:53:33 - <Config> - enabling 'eve-log' module 'http'
17/11/2018 -- 16:53:33 - <Config> - enabling 'eve-log' module 'dns'
17/11/2018 -- 16:53:33 - <Config> - enabling 'eve-log' module 'tls'
17/11/2018 -- 16:53:33 - <Config> - enabling 'eve-log' module 'files'
17/11/2018 -- 16:53:33 - <Config> - enabling 'eve-log' module 'ssh'
17/11/2018 -- 16:53:33 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
17/11/2018 -- 16:53:33 - <Info> - stats output device (regular) initialized: stats.log
17/11/2018 -- 16:53:33 - <Config

This file has been truncated.


packet_stats.log - (12163 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          8552          2881428     2784823256    1564857825      13382.7b   99.75
 IPv4      17            12       2652979723     2783666666    2742147322         32.9b    0.25
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          8552            67796       30067614        366380          3.1b   96.76
TMM_FLOWWORKER              IPv4      17            12           305461         685897        472630          5.7m    0.18
TMM_RECEIVEPCAPFILE         IPv4       6          8532             2545         151742          2914         24.9m    0.77
TMM_RECEIVEPCAPFILE         IPv4      17            12             2597           3435          2741         32.9k    0.00
TMM_DECODEPCAPFILE          IPv4       6          8532             2656        4805886          8726         74.5m    2.30
TMM_DECODEPCAPFILE          IPv4      17            12             2763          10464          3909         46.9k    0.00

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          8532             2807          55853          3291         28.1m  0.94  
flow                    IPv4      17            12             2973           5104          3830         46.0k  0.00  
stream                  IPv4       6          8552             2719        2204140          9024         77.2m  2.58  
app-layer               IPv4      17            12            10291          68417         22275        267.3k  0.01  
detect                  IPv4       6          8552            44968       29724965        333237          2.8b  95.45 
detect                  IPv4      17            12           228873         530553        375437          4.5m  0.15  
tcp-prune               IPv4       6          8552             2548          65569          3002         25.7m  0.86  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            24             2792          31392          9390        225.4k  73.92 
dns                     IPv4      17            12             4780          12138          6627         79.5k  26.08 
Proto detect            IPv4      17            12             5564          45773         16176        194.1k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6            13            17778         201643         67025        871.3k  4.73  
LOGGER_UNIFIED2             IPv4       6            13            21123         337845        101853          1.3m  7.19  
LOGGER_JSON_ALERT           IPv4       6            13            40750         152388         95135          1.2m  6.72  
LOGGER_JSON_DNS             IPv4      17            12            33542          98692         56077        672.9k  3.66  
LOGGER_JSON_HTTP            IPv4       6            17            62840       10255337        713053         12.1m  65.86 
LOGGER_JSON_FILE            IPv4       6            27            47544         189978         80675          2.2m  11.83 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          4322             2582        2057312         20345        87.9m  7.85  
payload                           IPv4      17            12            17246          53910         32803       393.6k  0.04  
stream                            IPv4       6          4322             2544        1775385         39053       168.8m  15.06 
http_uri                          IPv4       6            17             3616         125365         22669       385.4k  0.03  
http_request_line                 IPv4       6            17             4480          26804          8600       146.2k  0.01  
http_client_body                  IPv4       6            57             2601         582567         27659         1.6m  0.14  
http_header (request)             IPv4       6            17            46970         179413         83897         1.4m  0.13  
http_header (request trailer)     IPv4       6            17             2612           3848          2811        47.8k  0.00  
http_header_names (request)       IPv4       6            17            13457          28479         20230       343.9k  0.03  
http_accept (request)             IPv4       6            17             3190           7576          4259        72.4k  0.01  
http_referer (request)            IPv4       6            17             3033           9333          4683        79.6k  0.01  
http_content_len (request)        IPv4       6            17             3358           8150          4762        81.0k  0.01  
http_content_type (request)       IPv4       6            17             3187          11513          6624       112.6k  0.01  
http_protocol (request)           IPv4       6            17             3717          23051          6055       102.9k  0.01  
http_start (request)              IPv4       6            17             9072          28233         15433       262.4k  0.02  
http_raw_header (request)         IPv4       6            57             3558          37005          7940       452.6k  0.04  
http_method                       IPv4       6            17             4137          25158          7083       120.4k  0.01  
http_cookie (request)             IPv4       6            17             3149           4257          3412        58.0k  0.01  
http_raw_uri                      IPv4       6            17             2793          12376          5128        87.2k  0.01  
http_user_agent                   IPv4       6            17            13243          45874         25881       440.0k  0.04  
http_host                         IPv4       6            17             3752          11327          7021       119.4k  0.01  
dns_query                         IPv4      17             6             7290          13603         10792        64.8k  0.01  
http_response_line                IPv4       6            17             4152          20387          8575       145.8k  0.01  
http_header (response)            IPv4       6            17            16022          78094         39413       670.0k  0.06  
http_header (response trailer)    IPv4       6            17             2619          56463         15317       260.4k  0.02  
http_content_type (response)      IPv4       6            17             5192          13660          7829       133.1k  0.01  
http_raw_header (response)        IPv4       6          4209             3520          42458          4102        17.3m  1.54  
http_cookie (response)            IPv4       6            17             2894           3987          3216        54.7k  0.00  
http_stat_code                    IPv4       6            17             3213           6293          4495        76.4k  0.01  
file_data (http response)         IPv4       6          4192             2580       25605896        200095       838.8m  74.86 
Total                             IPv4                 17551                                         63842         1.1b

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            26             4149         144340         43634          1.1m  0.03  
PROF_DETECT_IPONLY          IPv4      17            12            37062          84036         50983        611.8k  0.01  
PROF_DETECT_RULES           IPv4       6          8552             2545       19165912        114979        983.3m  22.47 
PROF_DETECT_RULES           IPv4      17            12            79660         314834        200865          2.4m  0.06  
PROF_DETECT_STATEFUL_START    IPv4       6          6943             5110       10252304         72297        502.0m  11.47 
PROF_DETECT_STATEFUL_CONT    IPv4       6          8552             2525       27979380         16859        144.2m  3.29  
PROF_DETECT_STATEFUL_CONT    IPv4      17            12             5862           6338          6069         72.8k  0.00  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          8494             2549          64782          2811         23.9m  0.55  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            12             2664           3553          2916         35.0k  0.00  
PROF_DETECT_PREFILTER       IPv4       6          8552             7788       25685367        158071          1.4b  30.89 
PROF_DETECT_PREFILTER       IPv4      17            12            48731          90021         67560        810.7k  0.02  
PROF_DETECT_PF_PAYLOAD      IPv4       6          4322            15210        2067960         67933        293.6m  6.71  
PROF_DETECT_PF_PAYLOAD      IPv4      17            12            22880          70329         39588        475.1k  0.01  
PROF_DETECT_PF_TX           IPv4       6          8494             2551       25623589        108360        920.4m  21.03 
PROF_DETECT_PF_TX           IPv4      17             6            12965          19962         16654         99.9k  0.00  
PROF_DETECT_PF_SORT1        IPv4       6          3700             2547          48604          3288         12.2m  0.28  
PROF_DETECT_PF_SORT1        IPv4      17            12             3017           5111          3871         46.5k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6          8552             2538          53855          2927         25.0m  0.57  
PROF_DETECT_PF_SORT2        IPv4      17            12             2983           4100          3415         41.0k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6          8552             2551        6368147          3790         32.4m  0.74  
PROF_DETECT_NONMPMLIST      IPv4      17            12             2899           3536          3265         39.2k  0.00  
PROF_DETECT_ALERT           IPv4       6          8552             2527          44776          2789         23.9m  0.55  
PROF_DETECT_ALERT           IPv4      17            12             2531           3081          2716         32.6k  0.00  
PROF_DETECT_CLEANUP         IPv4       6          8552             2562        6108247          3694         31.6m  0.72  
PROF_DETECT_CLEANUP         IPv4      17            12             2998           4481          3439         41.3k  0.00  
PROF_DETECT_GETSGH          IPv4       6          8552             2522          68800          3036         26.0m  0.59  
PROF_DETECT_GETSGH          IPv4      17            12             5708           8438          6383         76.6k  0.00  


suricata-4.0.0-etpro-all-perf.txt-2018-11-17-T-16-53-36-11172018.1653-2018-08-07-Rig-EK-infection-traffic-2nd-run.pcap.txt - (77399 bytes)
  --------------------------------------------------------------------------
  Date: 11/17/2018 -- 16:53:36. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2812433      1        2        71062049     7.56   43       0        27658405    1652605.79  0.00        1652605.79 
  2        2816910      1        2        17682299     1.88   17       0        16757956    1040135.24  0.00        1040135.24 
  3        2821384      1        2        8522860      0.91   2        0        8472484     4261430.00  0.00        4261430.00 
  4        2016537      1        2        64801010     6.89   4173     0        4413715     15528.64    0.00        15528.64   
  5        2809306      1        4        10905233     1.16   630      0        2165136     17309.89    0.00        17309.89   
  6        2819664      1        2        117872174    12.54  762      0        543747      154687.89   0.00        154687.89  
  7        2819930      1        2        116974294    12.44  762      0        538119      153509.57   0.00        153509.57  
  8        2826034      1        1        766641       0.08   11       1        535043      69694.64    535043.00   23159.80   
  9        2820158      1        2        88836045     9.45   613      0        523393      144920.14   0.00        144920.14  
  10       2018784      1        9        891033       0.09   3        0        449320      297011.00   0.00        297011.00  
  11       2025185      1        3        930933       0.10   4        0        447959      232733.25   0.00        232733.25  
  12       2016143      1        3        8230851      0.88   555      0        410850      14830.36    0.00        14830.36   
  13       2001330      1        8        12005150     1.28   4045     0        392829      2967.90     0.00        2967.90    
  14       2820157      1        2        89421583     9.51   613      0        307160      145875.34   0.00        145875.34  
  15       2020865      1        3        19185688     2.04   154      0        304621      124582.39   0.00        124582.39  
  16       2017072      1        3        799497       0.09   4        0        303727      199874.25   0.00        199874.25  
  17       2803657      1        5        11649050     1.24   183      0        241807      63656.01    0.00        63656.01   
  18       2020318      1        8        641313       0.07   4        0        224907      160328.25   0.00        160328.25  
  19       2804911      1        3        3084645      0.33   62       0        220556      49752.34    0.00        49752.34   
  20       2016855      1        2        208218       0.02   1        0        208218      208218.00   0.00        208218.00  
  21       2819933      1        2        1206440      0.13   10       0        171713      120644.00   0.00        120644.00  
  22       2803027      1        6        3864666      0.41   68       0        165015      56833.32    0.00        56833.32   
  23       2018358      1        7        650022       0.07   43       1        160439      15116.79    160439.00   11656.74   
  24       2019881      1        3        214649       0.02   3        0        156751      71549.67    0.00        71549.67   
  25       2016854      1        3        155997       0.02   1        0        155997      155997.00   0.00        155997.00  
  26       2815887      1        2        1445635      0.15   13       0        145765      111202.69   0.00        111202.69  
  27       2020726      1        2        290416       0.03   3        0        137082      96805.33    0.00        96805.33   
  28       2816929      1        4        651945       0.07   17       0        133231      38349.71    0.00        38349.71   
  29       2827580      1        7        462796       0.05   11       0        133038      42072.36    0.00        42072.36   
  30       2804906      1        3        1026604      0.11   27       0        128207      38022.37    0.00        38022.37   
  31       2816909      1        2        1096517      0.12   17       0        125307      64501.00    0.00        64501.00   
  32       2804907      1        3        2912831      0.31   56       0        122646      52014.84    0.00        52014.84   
  33       2819659      1        4        1070003      0.11   10       0        122027      107000.30   0.00        107000.30  
  34       2019094      1        5        468875       0.05   43       0        121815      10904.07    0.00        10904.07   
  35       2017824      1        3        270713       0.03   3        0        118181      90237.67    0.00        90237.67   
  36       2826092      1        2        115363       0.01   1        0        115363      115363.00   0.00        115363.00  
  37       2828008      1        2        586437       0.06   17       0        115104      34496.29    0.00        34496.29   
  38       2802987      1        5        4942392      0.53   119      0        113553      41532.71    0.00        41532.71   
  39       2025064      1        5        802463       0.09   17       0        113193      47203.71    0.00        47203.71   
  40       2804927      1        2        2782237      0.30   59       0        110033      47156.56    0.00        47156.56   
  41       2024909      1        2        5782469      0.61   283      0        108662      20432.75    0.00        20432.75   
  42       2803760      1        3        185575       0.02   6        0        106069      30929.17    0.00        30929.17   
  43       2017552      1        6        58965735     6.27   4190     0        103092      14072.97    0.00        14072.97   
  44       2022552      1        2        8458604      0.90   427      0        99142       19809.38    0.00        19809.38   
  45       2017259      1        12       328266       0.03   9        0        96732       36474.00    0.00        36474.00   
  46       2823339      1        2        96550        0.01   1        0        96550       96550.00    0.00        96550.00   
  47       2016549      1        4        337589       0.04   5        0        95810       67517.80    0.00        67517.80   
  48       2017190      1        6        95664        0.01   1        0        95664       95664.00    0.00        95664.00   
  49       2810276      1        6        184507       0.02   2        1        94325       92253.50    94325.00    90182.00   
  50       2801929      1        7        3828903      0.41   78       0        93657       49088.50    0.00        49088.50   
  51       2801930      1        7        3617586      0.38   78       0        93439       46379.31    0.00        46379.31   
  52       2827279      1        5        512801       0.05   17       0        92661       30164.76    0.00        30164.76   
  53       2022053      1        2        321165       0.03   18       0        92144       17842.50    0.00        17842.50   
  54       2025178      1        2        331620       0.04   6        1        90076       55270.00    90076.00    48308.80   
  55       2016141      1        5        90075        0.01   1        1        90075       90075.00    90075.00    0.00       
  56       2810481      1        4        12986418     1.38   652      0        89849       19917.82    0.00        19917.82   
  57       2018121      1        4        88260        0.01   1        0        88260       88260.00    0.00        88260.00   
  58       2809363      1        3        333711       0.04   43       0        86738       7760.72     0.00        7760.72    
  59       2019345      1        2        3893168      0.41   124      0        86608       31396.52    0.00        31396.52   
  60       2025142      1        2        519625       0.06   8        0        85240       64953.12    0.00        64953.12   
  61       2802991      1        5        1254097      0.13   30       0        84747       41803.23    0.00        41803.23   
  62       2019344      1        5        143913       0.02   3        1        81595       47971.00    81595.00    31159.00   
  63       2024601      1        2        210453       0.02   5        0        77824       42090.60    0.00        42090.60   
  64       2821839      1        2        165212       0.02   3        0        76755       55070.67    0.00        55070.67   
  65       2820811      1        2        485724       0.05   30       0        76310       16190.80    0.00        16190.80   
  66       2020855      1        3        447025       0.05   14       0        75289       31930.36    0.00        31930.36   
  67       2815254      1        7        75043        0.01   1        0        75043       75043.00    0.00        75043.00   
  68       2806802      1        2        25338034     2.69   1260     0        75012       20109.55    0.00        20109.55   
  69       2820851      1        5        741206       0.08   17       0        74523       43600.35    0.00        43600.35   
  70       2022197      1        3        117534       0.01   3        0        73429       39178.00    0.00        39178.00   
  71       2022550      1        16       73224        0.01   1        0        73224       73224.00    0.00        73224.00   
  72       2807970      1        8        341192       0.04   43       0        73116       7934.70     0.00        7934.70    
  73       2024381      1        1        138041       0.01   2        2        73073       69020.50    69020.50    0.00       
  74       2008575      1        5        1163318      0.12   151      0        72712       7704.09     0.00        7704.09    
  75       2825063      1        2        208610       0.02   6        0        71635       34768.33    0.00        34768.33   
  76       2020470      1        6        474444       0.05   15       0        69993       31629.60    0.00        31629.60   
  77       2024650      1        1        14285246     1.52   1039     0        69918       13749.03    0.00        13749.03   
  78       2816940      1        2        972918       0.10   17       0        69315       57230.47    0.00        57230.47   
  79       2821561      1        2        437200       0.05   12       0        68939       36433.33    0.00        36433.33   
  80       2807400      1        3        147657       0.02   3        0        68791       49219.00    0.00        49219.00   
  81       2809074      1        2        68752        0.01   1        0        68752       68752.00    0.00        68752.00   
  82       2821471      1        2        150766       0.02   3        0        67437       50255.33    0.00        50255.33   
  83       2017261      1        3        165207       0.02   3        0        67380       55069.00    0.00        55069.00   
  84       2807440      1        3        396647       0.04   42       0        65897       9443.98     0.00        9443.98    
  85       2810991      1        4        378400       0.04   9        0        65009       42044.44    0.00        42044.44   
  86       2014473      1        5        8921468      0.95   652      0        64971       13683.23    0.00        13683.23   
  87       2018241      1        2        109808       0.01   18       0        64173       6100.44     0.00        6100.44    
  88       2016858      1        10       298212       0.03   43       0        63610       6935.16     0.00        6935.16    
  89       2823453      1        2        62909        0.01   1        0        62909       62909.00    0.00        62909.00   
  90       2018242      1        5        118102       0.01   3        0        62899       39367.33    0.00        39367.33   
  91       2816526      1        13       536347       0.06   17       0        62766       31549.82    0.00        31549.82   
  92       2018959      1        3        108555       0.01   18       1        62383       6030.83     62383.00    2716.00    
  93       2014380      1        4        464729       0.05   21       0        62377       22129.95    0.00        22129.95   
  94       2816327      1        4        645226       0.07   17       0        60769       37954.47    0.00        37954.47   
  95       2024829      1        2        9242294      0.98   450      0        60416       20538.43    0.00        20538.43   
  96       2819694      1        2        5606290      0.60   413      0        60355       13574.55    0.00        13574.55   
  97       2023916      1        2        146327       0.02   3        0        60241       48775.67    0.00        48775.67   
  98       2816530      1        2        59200        0.01   1        0        59200       59200.00    0.00        59200.00   
  99       2825926      1        2        117763       0.01   2        0        59099       58881.50    0.00        58881.50   
  100      2828986      1        2        2179796      0.23   300      0        59081       7265.99     0.00        7265.99    
  101      2820003      1        2        2617648      0.28   198      0        58891       13220.44    0.00        13220.44   
  102      2816927      1        3        540846       0.06   17       0        58660       31814.47    0.00        31814.47   
  103      2815817      1        5        571197       0.06   17       0        58583       33599.82    0.00        33599.82   
  104      2816924      1        4        517872       0.06   17       0        58464       30463.06    0.00        30463.06   
  105      2816808      1        2        162111       0.02   26       1        58221       6235.04     58221.00    4155.60    
  106      2022896      1        5        57842        0.01   1        0        57842       57842.00    0.00        57842.00   
  107      2830036      1        1        231056       0.02   9        0        56941       25672.89    0.00        25672.89   
  108      2828060      1        4        617863       0.07   19       0        56607       32519.11    0.00        32519.11   
  109      2022830      1        2        56546        0.01   1        0        56546       56546.00    0.00        56546.00   
  110      2015744      1        4        80950        0.01   10       1        56144       8095.00     56144.00    2756.22    
  111      2016503      1        2        1942096      0.21   162      0        56135       11988.25    0.00        11988.25   
  112      2020569      1        1        141409       0.02   3        0        56026       47136.33    0.00        47136.33   
  113      2021418      1        9        137340       0.01   3        0        55722       45780.00    0.00        45780.00   
  114      2022901      1        2        278184       0.03   43       0        55352       6469.40     0.00        6469.40    
  115      2811740      1        2        378359       0.04   14       0        54457       27025.64    0.00        27025.64   
  116      2017748      1        6        9071570      0.96   652      0        54444       13913.45    0.00        13913.45   
  117      2816525      1        10       656241       0.07   17       0        54345       38602.41    0.00        38602.41   
  118      2025119      1        3        228523       0.02   6        0        54227       38087.17    0.00        38087.17   
  119      2019343      1        3        487139       0.05   14       0        53988       34795.64    0.00        34795.64   
  120      2815942      1        2        105450       0.01   2        0        53647       52725.00    0.00        52725.00   
  121      2021413      1        2        124697       0.01   3        0        53639       41565.67    0.00        41565.67   
  122      2815102      1        2        106778       0.01   2        0        53605       53389.00    0.00        53389.00   
  123      2814883      1        3        303733       0.03   9        0        53458       33748.11    0.00        33748.11   
  124      2014819      1        3        53168        0.01   1        0        53168       53168.00    0.00        53168.00   
  125      2020960      1        2        

This file has been truncated.


suricata-4.0.0-etpro-all-alert-2018-11-17-T-16-53-36-11172018.1653-2018-08-07-Rig-EK-infection-traffic-2nd-run.pcap.txt - (4358 bytes) - download
08/07/2018-14:48:28.405896  [**] [1:2024381:1] ET CURRENT_EVENTS RIG EK URI Struct Jun 13 2017 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.8.7.102:49268 -> 176.57.214.100:80
08/07/2018-14:48:28.680936  [**] [1:2024170:2] ET CURRENT_EVENTS Terror EK CVE-2015-2419 Exploit [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.57.214.100:80 -> 10.8.7.102:49268
08/07/2018-14:48:28.680936  [**] [1:2024353:2] ET CURRENT_EVENTS SunDown EK RIP Landing M1 B641 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.57.214.100:80 -> 10.8.7.102:49268
08/07/2018-14:48:28.680936  [**] [1:2024354:2] ET CURRENT_EVENTS SunDown EK RIP Landing M1 B642 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.57.214.100:80 -> 10.8.7.102:49268
08/07/2018-14:48:28.681343  [**] [1:2826034:1] ETPRO CURRENT_EVENTS RIG EK Landing Apr 04 2017 M5 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.57.214.100:80 -> 10.8.7.102:49268
08/07/2018-14:48:28.683324  [**] [1:2816231:3] ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M6 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.57.214.100:80 -> 10.8.7.102:49268
08/07/2018-14:48:28.683324  [**] [1:2820087:3] ETPRO CURRENT_EVENTS CVE-2015-2419 M1 (b642) Observed in Sundown/Xer EK [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 176.57.214.100:80 -> 10.8.7.102:49268
08/07/2018-14:48:28.683324  [**] [1:2024362:2] ET CURRENT_EVENTS SunDown EK RIP Landing M4 B641 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.57.214.100:80 -> 10.8.7.102:49268
08/07/2018-14:48:28.683842  [**] [1:2016827:3] ET INFO Suspicious Possible CollectGarbage in base64 3 [**] [Classification: Misc activity] [Priority: 3] {TCP} 176.57.214.100:80 -> 10.8.7.102:49268
08/07/2018-14:48:29.325547  [**] [1:2811657:2] ETPRO CURRENT_EVENTS SunDown EK Flash June 23 2015 M1 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.57.214.100:80 -> 10.8.7.102:49268
08/07/2018-14:48:29.325547  [**] [1:2816808:2] ETPRO CURRENT_EVENTS RIG EK Flash Exploit Mar 29 2016 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.57.214.100:80 -> 10.8.7.102:49268
08/07/2018-14:48:29.325547  [**] [1:2827800:2] ETPRO CURRENT_EVENTS RIG EK Flash Exploit Sep 05 2017 (CWS) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 176.57.214.100:80 -> 10.8.7.102:49268
08/07/2018-14:48:34.110437  [**] [1:2024381:1] ET CURRENT_EVENTS RIG EK URI Struct Jun 13 2017 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.8.7.102:49271 -> 176.57.214.100:80
08/07/2018-14:48:37.272654  [**] [1:2810276:6] ETPRO TROJAN Alureon CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.8.7.102:49272 -> 217.23.4.201:80
08/07/2018-14:48:37.272654  [**] [1:2018358:7] ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.8.7.102:49272 -> 217.23.4.201:80
08/07/2018-14:48:41.380230  [**] [1:2016141:5] ET INFO Executable Download from dotted-quad Host [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.8.7.102:49273 -> 85.143.171.2:80
08/07/2018-14:48:41.653446  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 85.143.171.2:80 -> 10.8.7.102:49273
08/07/2018-14:48:41.653446  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 85.143.171.2:80 -> 10.8.7.102:49273
08/07/2018-14:48:42.192236  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 85.143.171.2:80 -> 10.8.7.102:49273
08/07/2018-14:49:17.022011  [**] [1:2025178:2] ET TROJAN Sharik/Smoke CnC Beacon 9 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.8.7.102:49278 -> 85.206.160.34:80
08/07/2018-14:49:17.287201  [**] [1:2829848:2] ETPRO TROJAN SmokeLoader encrypted module (3) [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 85.206.160.34:80 -> 10.8.7.102:49278


stats.log - (2547 bytes) - download
------------------------------------------------------------------------------------
Date: 11/17/2018 -- 16:53:36 (uptime: 0d, 00h 00m 03s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 8544
decoder.bytes                              | Total                     | 5966137
decoder.ipv4                               | Total                     | 8544
decoder.ethernet                           | Total                     | 8544
decoder.tcp                                | Total                     | 8532
decoder.udp                                | Total                     | 12
decoder.avg_pkt_size                       | Total                     | 698
decoder.max_pkt_size                       | Total                     | 1342
flow.tcp                                   | Total                     | 13
flow.udp                                   | Total                     | 6
tcp.sessions                               | Total                     | 13
tcp.syn                                    | Total                     | 13
tcp.synack                                 | Total                     | 13
tcp.rst                                    | Total                     | 3
detect.alert                               | Total                     | 21
detect.mpm_list                            | Total                     | 2
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 3
app_layer.flow.http                        | Total                     | 13
app_layer.tx.http                          | Total                     | 17
app_layer.flow.dns_udp                     | Total                     | 6
app_layer.tx.dns_udp                       | Total                     | 6
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7076032


eve.json - (40319 bytes) - download
{"timestamp":"2018-08-07T14:48:26.735939+0000","flow_id":8528483468033,"pcap_cnt":12,"event_type":"http","src_ip":"10.8.7.102","src_port":49260,"dest_ip":"88.208.7.194","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"freedatingvideo.info","url":"\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html"}}
{"timestamp":"2018-08-07T14:48:27.003285+0000","flow_id":2068300309349127,"pcap_cnt":16,"event_type":"http","src_ip":"10.8.7.102","src_port":49259,"dest_ip":"88.208.7.194","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"freedatingvideo.info","url":"\/popunder.php","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html"}}
{"timestamp":"2018-08-07T14:48:27.526648+0000","flow_id":1108486787910612,"pcap_cnt":26,"event_type":"http","src_ip":"10.8.7.102","src_port":49266,"dest_ip":"88.208.7.195","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"freshechka.info","url":"\/ads\/adv","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html"}}
{"timestamp":"2018-08-07T14:48:28.405896+0000","flow_id":2224310701504677,"pcap_cnt":36,"event_type":"alert","src_ip":"10.8.7.102","src_port":49268,"dest_ip":"176.57.214.100","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024381,"rev":1,"signature":"ET CURRENT_EVENTS RIG EK URI Struct Jun 13 2017","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-08-07T14:48:28.680936+0000","flow_id":2224310701504677,"pcap_cnt":56,"event_type":"alert","src_ip":"176.57.214.100","src_port":80,"dest_ip":"10.8.7.102","dest_port":49268,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024170,"rev":2,"signature":"ET CURRENT_EVENTS Terror EK CVE-2015-2419 Exploit","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-08-07T14:48:28.680936+0000","flow_id":2224310701504677,"pcap_cnt":56,"event_type":"alert","src_ip":"176.57.214.100","src_port":80,"dest_ip":"10.8.7.102","dest_port":49268,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024353,"rev":2,"signature":"ET CURRENT_EVENTS SunDown EK RIP Landing M1 B641","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-08-07T14:48:28.680936+0000","flow_id":2224310701504677,"pcap_cnt":56,"event_type":"alert","src_ip":"176.57.214.100","src_port":80,"dest_ip":"10.8.7.102","dest_port":49268,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024354,"rev":2,"signature":"ET CURRENT_EVENTS SunDown EK RIP Landing M1 B642","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-08-07T14:48:28.681343+0000","flow_id":2224310701504677,"pcap_cnt":60,"event_type":"alert","src_ip":"176.57.214.100","src_port":80,"dest_ip":"10.8.7.102","dest_port":49268,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2826034,"rev":1,"signature":"ETPRO CURRENT_EVENTS RIG EK Landing Apr 04 2017 M5","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-08-07T14:48:28.683324+0000","flow_id":2224310701504677,"pcap_cnt":77,"event_type":"alert","src_ip":"176.57.214.100","src_port":80,"dest_ip":"10.8.7.102","dest_port":49268,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2816231,"rev":3,"signature":"ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M6","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-08-07T14:48:28.683324+0000","flow_id":2224310701504677,"pcap_cnt":77,"event_type":"alert","src_ip":"176.57.214.100","src_port":80,"dest_ip":"10.8.7.102","dest_port":49268,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2820087,"rev":3,"signature":"ETPRO CURRENT_EVENTS CVE-2015-2419 M1 (b642) Observed in Sundown\/Xer EK","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2018-08-07T14:48:28.683324+0000","flow_id":2224310701504677,"pcap_cnt":77,"event_type":"alert","src_ip":"176.57.214.100","src_port":80,"dest_ip":"10.8.7.102","dest_port":49268,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024362,"rev":2,"signature":"ET CURRENT_EVENTS SunDown EK RIP Landing M4 B641","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-08-07T14:48:28.683842+0000","flow_id":2224310701504677,"pcap_cnt":81,"event_type":"alert","src_ip":"176.57.214.100","src_port":80,"dest_ip":"10.8.7.102","dest_port":49268,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016827,"rev":3,"signature":"ET INFO Suspicious Possible CollectGarbage in base64 3","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2018-08-07T14:48:28.950108+0000","flow_id":2224310701504677,"pcap_cnt":96,"event_type":"http","src_ip":"10.8.7.102","src_port":49268,"dest_ip":"176.57.214.100","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"176.57.214.100","url":"\/?NDE5NjI4&ywxEIBqcKgUDvIp&CNbXSyocGqe=cmVzb3J0&tas4=SwFhyIsLU18Q8638h0LdyBLNiZLUqxCONQ9NqZadRbRt2Fmny7QWd84kkxPT6mRVzu4tYl8gpQlR2arI&CRsdxBFhgexIzWS=cmVzb3J0&GSyxBFjB=Y2F0cw==&fd4f=xHrQMrXYbRrFFYbfKP7EUKFEMUzWA0KKwYuZhavVF5qxFDXGpbb1FxjspV6dCFiEmvBvdLEHIwCh1UDA&mQIhMadwXGWUhHa=c2My&ZFLhoJ=bW9uZXk=&BSZwuewa=cmVzb3J0&QRSpNLj=c3BvcnQ=&zqCuyjvrIYMU=Zmx5&oAXjcOCgmdL=c2Vh&NUVrWKXCzWBLgK=c2My&CvmEsfcHhJ=cmVzb3J0","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html"}}
{"timestamp":"2018-08-07T14:48:29.239676+0000","flow_id":2224310701504677,"pcap_cnt":98,"event_type":"fileinfo","src_ip":"176.57.214.100","src_port":80,"dest_ip":"10.8.7.102","dest_port":49268,"proto":"TCP","http":{"hostname":"176.57.214.100","url":"\/?NDE5NjI4&ywxEIBqcKgUDvIp&CNbXSyocGqe=cmVzb3J0&tas4=SwFhyIsLU18Q8638h0LdyBLNiZLUqxCONQ9NqZadRbRt2Fmny7QWd84kkxPT6mRVzu4tYl8gpQlR2arI&CRsdxBFhgexIzWS=cmVzb3J0&GSyxBFjB=Y2F0cw==&fd4f=xHrQMrXYbRrFFYbfKP7EUKFEMUzWA0KKwYuZhavVF5qxFDXGpbb1FxjspV6dCFiEmvBvdLEHIwCh1UDA&mQIhMadwXGWUhHa=c2My&ZFLhoJ=bW9uZXk=&BSZwuewa=cmVzb3J0&QRSpNLj=c3BvcnQ=&zqCuyjvrIYMU=Zmx5&oAXjcOCgmdL=c2Vh&NUVrWKXCzWBLgK=c2My&CvmEsfcHhJ=cmVzb3J0","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":38133},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":140863,"tx_id":0}}
{"timestamp":"2018-08-07T14:48:29.325547+0000","flow_id":2224310701504677,"pcap_cnt":154,"event_type":"alert","src_ip":"176.57.214.100","src_port":80,"dest_ip":"10.8.7.102","dest_port":49268,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2811657,"rev":2,"signature":"ETPRO CURRENT_EVENTS SunDown EK Flash June 23 2015 M1","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-08-07T14:48:29.325547+0000","flow_id":2224310701504677,"pcap_cnt":154,"event_type":"alert","src_ip":"176.57.214.100","src_port":80,"dest_ip":"10.8.7.102","dest_port":49268,"proto":"TCP","app_proto":"http","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2816808,"rev":2,"signature":"ETPRO CURRENT_EVENTS RIG EK Flash Exploit Mar 29 2016","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-08-07T14:48:29.325547+0000","flow_id":2224310701504677,"pcap_cnt":154,"event_type":"alert","src_ip":"176.57.214.100","src_port":80,"dest_ip":"10.8.7.102","dest_port":49268,"proto":"TCP","app_proto":"http","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2827800,"rev":2,"signature":"ETPRO CURRENT_EVENTS RIG EK Flash Exploit Sep 05 2017 (CWS)","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-08-07T14:48:29.325668+0000","flow_id":2224310701504677,"pcap_cnt":157,"event_type":"http","src_ip":"10.8.7.102","src_port":49268,"dest_ip":"176.57.214.100","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"176.57.214.100","url":"\/?Njg4MzY=&zsACTdJwMYDGe&PHACXrtdwd=cmVzb3J0&PpUfpM=c3BvcnQ=&tas4=IEawLljkHScgFpnd9UUQxF9P2qhhfdmBPKgMWG-BeKYl5BrpGQFrIL21T1y7YVQIgigECy&nEAZFlXiPpcCd=Y2F0cw==&sUNNGDiVYYy=Y2F0cw==&geJLFMASqaSWlQ=bWF0Y2h1cA==&mFekdNq=cmVzb3J0&fd4f=wnrQMvXcKRXQFYbEKuXDSKFDKU7WGUaVw4-chMG3YprNfynz1OzURnLwtASVVFmRrbMdKL&MdQnTFA=c3BvcnQ=&ghDkRK=c2Vh&MCLLbKY=Zmx5&ovKBPPm=bWF0Y2h1cA==&DhCJogTgRpC=Zmx5","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/x-shockwave-flash"}}
{"timestamp":"2018-08-07T14:48:34.110437+0000","flow_id":97614695499969,"pcap_cnt":168,"event_type":"alert","src_ip":"10.8.7.102","src_port":49271,"dest_ip":"176.57.214.100","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024381,"rev":1,"signature":"ET CURRENT_EVENTS RIG EK URI Struct Jun 13 2017","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-08-07T14:48:35.906023+0000","flow_id":97614695499969,"pcap_cnt":498,"event_type":"http","src_ip":"10.8.7.102","src_port":49271,"dest_ip":"176.57.214.100","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"176.57.214.100","url":"\/?NjIwMTMx&FunosLLDmuf&wbKKaY=c3BvcnQ=&tas4=yI0LU18Q86z8h0XdyBPNiZPUqxaONQ9NqZedRbVt2Fmny7QWd8gkkxLT6mVVzuktV14W6QkQn637S6SJrkNA&ZTXYRNyYccje=Y2F0cw==&BICzZnOZ=c3BvcnQ=&ySPvVDqWiYvLJXx=c2Vh&ndkrYrLpaXKfk=cmVzb3J0&EHzDKB=Zmx5&fPodTXcN=c2My&xtYRRBHTjGoZ=bW9uZXk=&lbIgrsEKqwC=c2My&fd4f=xHvQMrLYbRrFFYffKP_EUKZEMUrWA0KKwYuZha3VF5uxFDPGpbf1FxnspVmdCF6EmvBvdLYHIweh1UHASwBh&IaPoZXPAh=c2Vh&vdUgurJlu=c3BvcnQ=","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko","http_content_type":"application\/x-msdownload"}}
{"timestamp":"2018-08-07T14:48:37.272654+0000","flow_id":1436162728454559,"pcap_cnt":508,"event_type":"alert","src_ip":"10.8.7.102","src_port":49272,"dest_ip":"217.23.4.201","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2810276,"rev":6,"signature":"ETPRO TROJAN Alureon CnC Beacon","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-08-07T14:48:37.272654+0000","flow_id":1436162728454559,"pcap_cnt":508,"event_type":"alert","src_ip":"10.8.7.102","src_port":49272,"dest_ip":"217.23.4.201","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018358,"rev":7,"signature":"ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2018-08-07T14:48:37.272654+0000","flow_id":1436162728454559,"pcap_cnt":508,"event_type":"fileinfo","src_ip":"10.8.7.102","src_port":49272,"dest_ip":"217.23.4.201","dest_port":80,"proto":"TCP","http":{"hostname":"217.23.4.201","url":"\/index.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":1096},"app_proto":"http","fileinfo":{"filename":"\/index.php","gaps":false,"state":"CLOSED","stored":false,"size":97,"tx_id":0}}
{"timestamp":"2018-08-07T14:48:39.326616+0000","flow_id":1436162728454559,"pcap_cnt":7603,"event_type":"http","src_ip":"10.8.7.102","src_port":49272,"dest_ip":"217.23.4.201","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"217.23.4.201","url":"\/index.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)","http_content_type":"text\/html"}}
{"timestamp":"2018-08-07T14:48:39.795509+0000","flow_id":1436162728454559,"pcap_cnt":7609,"event_type":"fileinfo","src_ip":"217.23.4.201","src_port":80,"dest_ip":"10.8.7.102","dest_port":49272,"proto":"TCP","http":{"hostname":"217.23.4.201","url":"\/index.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":4472431},"app_proto":"http","fileinfo":{"filename":"\/index.php","gaps":false,"state":"CLOSED","stored":false,"size":4472418,"tx_id":0}}
{"timestamp":"2018-08-07T14:48:40.819510+0000","flow_id":1436162728454559,"pcap_cnt":7689,"event_type":"http","src_ip":"10.8.7.102","src_port":49272,"dest_ip":"217.23.4.201","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"217.23.4.201","url":"\/index.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)","http_content_type":"text\/html"}}
{"timestamp":"2018-08-07T14:48:40.819510+0000","flow_id":1436162728454559,"pcap_cnt":7689,"event_type":"fileinfo","src_ip":"10.8.7.102","src_port":49272,"dest_ip":"217.23.4.201","dest_port":80,"proto":"TCP","http":{"hostname":"217.23.4.201","url":"\/index.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2},"app_proto":"http","fileinfo":{"filename":"\/index.php","gaps":false,"state":"CLOSED","stored":false,"size":52851,"tx_id":1}}
{"timestamp":"2018-08-07T14:48:41.380230+0000","flow_id":676391603994170,"pcap_cnt":7696,"event_type":"alert","src_ip":"10.8.7.102","src_port":49273,"dest_ip":"85.143.171.2","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016141,"rev":5,"signature":"ET INFO Executable Download from dotted-quad Host","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-08-07T14:48:41.653446+0000","flow_id":676391603994170,"pcap_cnt":7748,"event_type":"alert","src_ip":"85.143.171.2","src_port":80,"dest_ip":"10.8.7.102","dest_port":49273,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018959,"rev":3,"signature":"ET POLICY PE EXE or DLL Windows file download HTTP","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2018-08-07T14:48:41.653446+0000","flow_id":676391603994170,"pcap_cnt":7748,"event_type":"alert","src_ip":"85.143.171.2","src_port":80,"dest_ip":"10.8.7.102","dest_port":49273,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2021076,"rev":2,"signature":"ET INFO SUSPICIOUS Dotted Quad Host MZ Response","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2018-08-07T14:48:42.192236+0000","flow_id":676391603994170,"pcap_cnt":7848,"event_type":"alert","src_ip":"85.143.171.2","src_port":80,"dest_ip":"10.8.7.102","dest_port":49273,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2018-08-07T14:48:42.463198+0000","flow_id":676391603994170,"pcap_cnt":8013,"event_type":"http","src_ip":"10.8.7.102","src_port":49273,"dest_ip":"85.143.171.2","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"85.143.171.2","url":"\/fazu.exe","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-08-07T14:48:45.825234+0000","flow_id":1436162728454559,"pcap_cnt":8017,"event_type":"fileinfo","src_ip":"217.23.4.201","src_port":80,"dest_ip":"10.8.7.102","dest_port":49272,"proto":"TCP","http":{"hostname":"217.23.4.201","url":"\/index.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2},"app_proto":"http","fileinfo":{"filename":"\/index.php","gaps":false,"state":"CLOSED","stored":false,"size":2,"tx_id":1}}
{"timestamp":"2018-08-07T14:48:58.670922+0000","flow_id":382491288026314,"pcap_cnt":8018,"event_type":"dns","src_ip":"10.8.7.102","src_port":58417,"dest_ip":"10.8.7.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":8858,"rrname":"actsconduit.icu","rrtype":"A","tx_id":0}}
{"timestamp":"2018-08-0

This file has been truncated.


unified2.alert.1542473613 - (47018 bytes) - download
POST /?NDE5NjI4&ywxEIBqcKgUDvIp&CNbXSyocGqe=cmVzb3J0&tas4=SwFhyIsLU18Q8638h0LdyBLNiZLUqxCONQ9NqZadRbRt2Fmny7QWd84kkxPT6mRVzu4tYl8gpQlR2arI&CRsdxBFhgexIzWS=cmVzb3J0&GSyxBFjB=Y2F0cw==&fd4f=xHrQMrXYbRrFFYbfKP7EUKFEMUzWA0KKwYuZhavVF5qxFDXGpbb1FxjspV6dCFiEmvBvdLEHIwCh1UDA&mQIhMadwXGWUhHa=c2My&ZFLhoJ=bW9uZXk=&BSZwuewa=cmVzb3J0&QRSpNLj=c3BvcnQ=&zqCuyjvrIYMU=Zmx5&oAXjcOCgmdL=c2Vh&NUVrWKXCzWBLgK=c2My&CvmEsfcHhJ=cmVzb3J0 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: 176.57.214.100
Content-Length: 0
DNT: 1
Connection: Keep-Alive
Cache-Control: no-cache


This file has been truncated.


keyword_perf.log - (17494 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/17/2018 -- 16:53:36
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             62972430        21729           21729           90231           2898.00         2898.00         0.00           
  content          347469557       19891           4291            8445648         17468.00        29544.00        14147.00       
  pcre             13597670        2957            164             140615          4598.00         8224.00         4385.00        
  byte_test        4749842         1467            599             70550           3237.00         3261.00         3221.00        
  byte_jump        236712          75              22              16107           3156.00         3038.00         3204.00        
  isdataat         30914           10              4               3658            3091.00         3376.00         2901.00        
  flowbits         16814967        5861            150             47573           2868.00         3320.00         2857.00        
  urilen           1058706         317             52              32072           3339.00         3155.00         3375.00        
  byte_extract     399731          120             120             29735           3331.00         3331.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             62972430        21729           21729           90231           2898.00         2898.00         0.00           
  flowbits         16748416        5847            136             47573           2864.00         3172.00         2857.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          19409673        1537            814             108254          12628.00        15657.00        9217.00        
  pcre             320265          34              25              30614           9419.00         10075.00        7598.00        
  byte_test        4664847         1453            586             70550           3210.00         3233.00         3195.00        
  byte_jump        179532          57              14              16107           3149.00         2904.00         3229.00        
  isdataat         21066           7               1               3658            3009.00         3658.00         2901.00        
  byte_extract     28067           8               8               3812            3508.00         3508.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         66551           14              14              9925            4753.00         4753.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1289763         341             172             17494           3782.00         3980.00         3580.00        
  pcre             949049          121             28              29964           7843.00         7874.00         7834.00        
  isdataat         9848            3               3               3524            3282.00         3282.00         0.00           
  urilen           1058706         317             52              32072           3339.00         3155.00         3375.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_request_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6735            2               2               4088            3367.00         3367.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          35802646        8996            93              287592          3979.00         9786.00         3919.00        
  pcre             1825971         54              2               95850           33814.00        6709.00         34856.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          30654           9               0               3518            3406.00         0.00            3406.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          283557304       7210            1901            8445648         39328.00        56278.00        33259.00       
  pcre             9022274         2543            0               140615          3547.00         0.00            3547.00        
  byte_test        13427           4               4               3415            3356.00         3356.00         0.00           
  byte_jump        57180           18              8               4155            3176.00         3274.00         3098.00        
  byte_extract     371664          112             112             29735           3318.00         3318.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5723266         1385            1028            57336           4132.00         4182.00         3989.00        
  pcre             1213262         167             73              73696           7265.00         8690.00         6158.00        
  byte_test        32026           2               1               25959           16013.00        6067.00         25959.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          295998          68              36              39639           4352.00         3783.00         4993.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_connection
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          30045           9               9               3842            3338.00         3338.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_len
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          68591           18              18              4758            3810.00         3810.00         0.00           
  byte_test        39542           8               8               5920            4942.00         4942.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          217175          46              46              55343           4721.00         4721.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3579            1               0               3579            3579.00         0.00            3579.00        
  pcre             18617           1               0               18617           18617.00        0.00            18617.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          318788          83              62              16552           3840.00         3845.00         3828.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          586288          147             84              39567           3988.00         4400.00         3438.00        
  pcre             196012          35              35              21154           5600.00         5600.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          15435           5               5               3465            3087.00         3087.00         0.00           
  pcre             52220           2               1               32719           26110.00        32719.00        19501.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------

This file has been truncated.


IDSDeathBlossom.py.log - (1182 bytes)
2018-11-17 16:53:09,854 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-11-17 16:53:10,736 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-11-17 16:53:10,736 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2018-11-17 16:53:10,736 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-11-17 16:53:10,736 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-11-17 16:53:10,737 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/0d47ccd40e43f66b0a39c898eaa1902e56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11172018.1653-2018-08-07-Rig-EK-infection-traffic-2nd-run.pcap -vvv -k none
2018-11-17 16:53:36,284 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-11-17 16:53:36,284 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 26.439620018