Filename: 74c72499de6f7db7f53a573a11c23342ff399b07123f9e4461c9e067697751ef.61.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 33.3757917881 seconds
Hash: 100ab93fec641d51f91e32605d4fb1c0
Uploaded: 1542895220

Logfiles


packet_stats.log - (9899 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       2             7          8997266       99130804      52850771        370.0m    0.80
 IPv4       6           572          4125266      127055006      79217827         45.3b   98.09
 IPv4      17            22          9565691       30961101      23345205        513.6m    1.11
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       2             7            90527         272050        121377        849.6k    0.64
TMM_FLOWWORKER              IPv4       6           572            65894        8737092        185407        106.1m   80.37
TMM_FLOWWORKER              IPv4      17            22           127289        8669121        993571         21.9m   16.57
TMM_RECEIVEPCAPFILE         IPv4       2             7             2561           8925          3639         25.5k    0.02
TMM_RECEIVEPCAPFILE         IPv4       6           508             2541          65024          2920          1.5m    1.12
TMM_RECEIVEPCAPFILE         IPv4      17            22             2610           3693          2938         64.6k    0.05
TMM_DECODEPCAPFILE          IPv4       2             7             2809          15000          4701         32.9k    0.02
TMM_DECODEPCAPFILE          IPv4       6           508             2663          13029          2964          1.5m    1.14
TMM_DECODEPCAPFILE          IPv4      17            22             2689          13853          3429         75.5k    0.06

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       6           508             2834        6701682         17654          9.0m  8.67  
flow                    IPv4      17            22             3026          36425          6575        144.7k  0.14  
stream                  IPv4       6           572             2844         436999          9829          5.6m  5.43  
app-layer               IPv4      17            22             2581          41158         13481        296.6k  0.29  
detect                  IPv4       2             7            84391         255416        114068        798.5k  0.77  
detect                  IPv4       6           572            44330        8706478        129353         74.0m  71.52 
detect                  IPv4      17            22           110352        4220599        545563         12.0m  11.60 
tcp-prune               IPv4       6           572             2545          18183          2851          1.6m  1.58  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot           %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
dns                     IPv4      17            15             3831          16721          6619         99.3k  100.00
Proto detect            IPv4       6             2             3568         332940        168254        336.5k
Proto detect            IPv4      17            16             3494          30476          7786        124.6k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
LOGGER_ALERT_FAST           IPv4       6            64            11263          66777         19999          1.3m  8.37  
LOGGER_UNIFIED2             IPv4       6            64            17081         421757         35022          2.2m  14.66 
LOGGER_JSON_ALERT           IPv4       6            64            29428          91369         42020          2.7m  17.58 
LOGGER_JSON_DNS             IPv4      17            12            28349        8012554        756912          9.1m  59.39 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           128             2531         394683         15339         2.0m  50.19 
payload                           IPv4      17            22             3465         129222         36562       804.4k  20.56 
stream                            IPv4       6           128             2571         113140          8509         1.1m  27.84 
dns_query                         IPv4      17             6             3586          14533          9177        55.1k  1.41  
Total                             IPv4                   284                                         13775         3.9m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_IPONLY          IPv4       2             7            36810         165894         58112        406.8k  0.51  
PROF_DETECT_IPONLY          IPv4       6           128             3695        8529767         94408         12.1m  15.28 
PROF_DETECT_IPONLY          IPv4      17            17            37100          77283         46384        788.5k  1.00  
PROF_DETECT_RULES           IPv4       2             7             2551           8342          3426         24.0k  0.03  
PROF_DETECT_RULES           IPv4       6           572             2531         687732         44391         25.4m  32.11 
PROF_DETECT_RULES           IPv4      17            22            49749        4063773        383331          8.4m  10.66 
PROF_DETECT_STATEFUL_CONT    IPv4       2             7             2526           2855          2640         18.5k  0.02  
PROF_DETECT_STATEFUL_CONT    IPv4       6           572             2514          27433          3085          1.8m  2.23  
PROF_DETECT_STATEFUL_CONT    IPv4      17            22             2533          41741          7224        158.9k  0.20  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            12             2608           3695          2977         35.7k  0.05  
PROF_DETECT_PREFILTER       IPv4       2             7             7859          11696          8585         60.1k  0.08  
PROF_DETECT_PREFILTER       IPv4       6           572             7710         481536         18974         10.9m  13.73 
PROF_DETECT_PREFILTER       IPv4      17            22            24884         178433         70028          1.5m  1.95  
PROF_DETECT_PF_PAYLOAD      IPv4       6           128            19526         462819         35602          4.6m  5.76  
PROF_DETECT_PF_PAYLOAD      IPv4      17            22             8782         135224         42114        926.5k  1.17  
PROF_DETECT_PF_TX           IPv4      17             6             9019          20645         15030         90.2k  0.11  
PROF_DETECT_PF_SORT1        IPv4       6           128             2750          20769          3150        403.3k  0.51  
PROF_DETECT_PF_SORT1        IPv4      17            22             2805           5973          4181         92.0k  0.12  
PROF_DETECT_PF_SORT2        IPv4       2             7             2529           2799          2655         18.6k  0.02  
PROF_DETECT_PF_SORT2        IPv4       6           572             2520          33550          2934          1.7m  2.12  
PROF_DETECT_PF_SORT2        IPv4      17            22             2572          55713          5934        130.6k  0.17  
PROF_DETECT_NONMPMLIST      IPv4       2             7             2605           2816          2762         19.3k  0.02  
PROF_DETECT_NONMPMLIST      IPv4       6           572             2535         391071          3675          2.1m  2.66  
PROF_DETECT_NONMPMLIST      IPv4      17            22             2743           4347          3217         70.8k  0.09  
PROF_DETECT_ALERT           IPv4       2             7             2536          13402          4139         29.0k  0.04  
PROF_DETECT_ALERT           IPv4       6           572             2527         392375          3439          2.0m  2.49  
PROF_DETECT_ALERT           IPv4      17            22             2538           4502          2891         63.6k  0.08  
PROF_DETECT_CLEANUP         IPv4       2             7             2538           4314          2817         19.7k  0.02  
PROF_DETECT_CLEANUP         IPv4       6           572             2553         390788          3655          2.1m  2.64  
PROF_DETECT_CLEANUP         IPv4      17            22             2549           5833          3380         74.4k  0.09  
PROF_DETECT_GETSGH          IPv4       2             7             2783          16938          5450         38.2k  0.05  
PROF_DETECT_GETSGH          IPv4       6           572             2526         397619          5132          2.9m  3.71  
PROF_DETECT_GETSGH          IPv4      17            22             2764          51582          9405        206.9k  0.26  


suricata-report-2018-11-22-T-14-00-54-11222018.1400-74c72499de6f7db7f53a573a11c23342ff399b07123f9e4461c9e067697751ef.61.pcap.txt - (17984 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/100ab93fec641d51f91e32605d4fb1c056b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11222018.1400-74c72499de6f7db7f53a573a11c23342ff399b07123f9e4461c9e067697751ef.61.pcap -vvv -k none
elapsedtime:32.372727
stderr:
stdout:
22/11/2018 -- 14:00:21 - <Info> - Configuration node 'rule-files' redefined.
22/11/2018 -- 14:00:21 - <Notice> - This is Suricata version 4.0.0 RELEASE
22/11/2018 -- 14:00:21 - <Info> - CPUs/cores online: 1
22/11/2018 -- 14:00:21 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31390 and 'request-body-inspect-window' set to 15741 after randomization.
22/11/2018 -- 14:00:21 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31805 and 'response-body-inspect-window' set to 16348 after randomization.
22/11/2018 -- 14:00:21 - <Config> - DNS request flood protection level: 500
22/11/2018 -- 14:00:21 - <Config> - DNS per flow memcap (state-memcap): 524288
22/11/2018 -- 14:00:21 - <Config> - DNS global memcap: 16777216
22/11/2018 -- 14:00:21 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
22/11/2018 -- 14:00:21 - <Config> - preallocated 1000 hosts of size 136
22/11/2018 -- 14:00:21 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
22/11/2018 -- 14:00:21 - <Config> - using magic-file /usr/share/file/magic
22/11/2018 -- 14:00:21 - <Config> - Core dump size is unlimited.
22/11/2018 -- 14:00:21 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
22/11/2018 -- 14:00:21 - <Config> - preallocated 1000 defrag trackers of size 168
22/11/2018 -- 14:00:21 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
22/11/2018 -- 14:00:21 - <Config> - stream "prealloc-sessions": 2048 (per thread)
22/11/2018 -- 14:00:21 - <Config> - stream "memcap": 33554432
22/11/2018 -- 14:00:21 - <Config> - stream "midstream" session pickups: disabled
22/11/2018 -- 14:00:21 - <Config> - stream "async-oneside": disabled
22/11/2018 -- 14:00:21 - <Config> - stream "checksum-validation": disabled
22/11/2018 -- 14:00:21 - <Config> - stream."inline": disabled
22/11/2018 -- 14:00:21 - <Config> - stream "bypass": disabled
22/11/2018 -- 14:00:21 - <Config> - stream "max-synack-queued": 5
22/11/2018 -- 14:00:21 - <Config> - stream.reassembly "memcap": 134217728
22/11/2018 -- 14:00:21 - <Config> - stream.reassembly "depth": 0
22/11/2018 -- 14:00:21 - <Config> - stream.reassembly "toserver-chunk-size": 2509
22/11/2018 -- 14:00:21 - <Config> - stream.reassembly "toclient-chunk-size": 2461
22/11/2018 -- 14:00:21 - <Config> - stream.reassembly.raw: enabled
22/11/2018 -- 14:00:21 - <Config> - stream.reassembly "segment-prealloc": 2048
22/11/2018 -- 14:00:21 - <Config> - Delayed detect disabled
22/11/2018 -- 14:00:21 - <Config> - pattern matchers: MPM: ac, SPM: bm
22/11/2018 -- 14:00:21 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
22/11/2018 -- 14:00:21 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
22/11/2018 -- 14:00:21 - <Config> - prefilter engines: MPM
22/11/2018 -- 14:00:21 - <Config> - IP reputation disabled
22/11/2018 -- 14:00:21 - <Perf> - Registered 148 keyword profiling counters.
22/11/2018 -- 14:00:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
22/11/2018 -- 14:00:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
22/11/2018 -- 14:00:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
22/11/2018 -- 14:00:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
22/11/2018 -- 14:00:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
22/11/2018 -- 14:00:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
22/11/2018 -- 14:00:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
22/11/2018 -- 14:00:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
22/11/2018 -- 14:00:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
22/11/2018 -- 14:00:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
22/11/2018 -- 14:00:27 - <Config> - No rules loaded from ET-icmp.rules.
22/11/2018 -- 14:00:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
22/11/2018 -- 14:00:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
22/11/2018 -- 14:00:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
22/11/2018 -- 14:00:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
22/11/2018 -- 14:00:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
22/11/2018 -- 14:00:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
22/11/2018 -- 14:00:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
22/11/2018 -- 14:00:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
22/11/2018 -- 14:00:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
22/11/2018 -- 14:00:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
22/11/2018 -- 14:00:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
22/11/2018 -- 14:00:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
22/11/2018 -- 14:00:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
22/11/2018 -- 14:00:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
22/11/2018 -- 14:00:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
22/11/2018 -- 14:00:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
22/11/2018 -- 14:00:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
22/11/2018 -- 14:00:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
22/11/2018 -- 14:00:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
22/11/2018 -- 14:00:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
22/11/2018 -- 14:00:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
22/11/2018 -- 14:00:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
22/11/2018 -- 14:00:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
22/11/2018 -- 14:00:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
22/11/2018 -- 14:00:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
22/11/2018 -- 14:00:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
22/11/2018 -- 14:00:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
22/11/2018 -- 14:00:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
22/11/2018 -- 14:00:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
22/11/2018 -- 14:00:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
22/11/2018 -- 14:00:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
22/11/2018 -- 14:00:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
22/11/2018 -- 14:00:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
22/11/2018 -- 14:00:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
22/11/2018 -- 14:00:35 - <Config> - No rules loaded from local.rules.
22/11/2018 -- 14:00:35 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
22/11/2018 -- 14:00:35 - <Info> - Threshold config parsed: 0 rule(s) found
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for tcp-packet
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for tcp-stream
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for udp-packet
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for other-ip
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_uri
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_request_line
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_client_body
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_response_line
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_header
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_header
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_header_names
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_header_names
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_accept
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_accept_enc
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_accept_lang
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_referer
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_connection
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_content_len
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_content_len
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_content_type
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_content_type
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_protocol
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_protocol
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_start
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_start
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_raw_header
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_raw_header
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_method
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_cookie
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_cookie
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_raw_uri
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_user_agent
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_host
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_raw_host
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_stat_msg
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_stat_code
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for dns_query
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for tls_sni
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for tls_cert_issuer
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for tls_cert_subject
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for tls_cert_serial
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for dce_stub_data
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for dce_stub_data
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for ssh_protocol
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for ssh_protocol
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for ssh_software
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for ssh_software
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for file_data
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for file_data
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_request_line
22/11/2018 -- 14:00:36 - <Perf> - using shared mpm ctx' for http_response_line
22/11/2018 -- 14:00:36 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
22/11/2018 -- 14:00:36 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
22/11/2018 -- 14:00:36 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
22/11/2018 -- 14:00:36 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
22/11/2018 -- 14:00:36 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
22/11/2018 -- 14:00:36 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
22/11/2018 -- 14:00:36 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
22/11/2018 -- 14:00:36 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
22/11/2018 -- 14:00:49 - <Perf> - Unique rule groups: 104
22/11/2018 -- 14:00:49 - <Perf> - Builtin MPM "toserver TCP packet": 35
22/11/2018 -- 14:00:49 - <Perf> - Builtin MPM "toclient TCP packet": 17
22/11/2018 -- 14:00:49 - <Perf> - Builtin MPM "toserver TCP stream": 33
22/11/2018 -- 14:00:49 - <Perf> - Builtin MPM "toclient TCP stream": 19
22/11/2018 -- 14:00:49 - <Perf> - Builtin MPM "toserver UDP packet": 27
22/11/2018 -- 14:00:49 - <Perf> - Builtin MPM "toclient UDP packet": 17
22/11/2018 -- 14:00:49 - <Perf> - Builtin MPM "other IP packet": 3
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toserver http_uri": 14
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toserver http_request_line": 1
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toserver http_client_body": 6
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toclient http_response_line": 1
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toserver http_header": 10
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toclient http_header": 6
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toserver http_header_names": 2
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toserver http_accept": 1
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toserver http_referer": 1
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toserver http_content_len": 1
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toserver http_content_type": 1
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toclient http_content_type": 1
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toserver http_protocol": 1
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toserver http_start": 1
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toserver http_method": 5
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toserver http_cookie": 1
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toclient http_cookie": 2
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toserver http_host": 2
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toserver dns_query": 4
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toserver tls_sni": 2
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toserver file_data": 1
22/11/2018 -- 14:00:49 - <Perf> - AppLayer MPM "toclient file_data": 7
22/11/2018 -- 14:00:53 - <Perf> - Registered 39590 rule profiling counters.
22/11/2018 -- 14:00:53 - <Info> - fast output device (regular) initialized: alert
22/11/2018 -- 14:00:53 - <Info> - eve-log output device (regular) initialized: eve.json
22/11/2018 -- 14:00:53 - <Config> - enabling 'eve-log' module 'alert'
22/11/2018 -- 14:00:53 - <Config> - enabling 'eve-log' module 'http'
22/11/2018 -- 14:00:53 - <Config> - enabling 'eve-log' module 'dns'
22/11/2018 -- 14:00:53 - <Config> - enabling 'eve-log' module 'tls'
22/11/2018 -- 14:00:53 - <Config> - enabling 'eve-log' module 'files'
22/11/2018 -- 14:00:53 - <Config> - enabling 'eve-log' module 'ssh'
22/11/2018 -- 14:00:53 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
22/11/2018 -- 14:00:53 - <Info> - stats output device (regular) initialized: stats.log
22/11/20

This file has been truncated.


stats.log - (2764 bytes)
------------------------------------------------------------------------------------
Date: 11/22/2018 -- 14:00:54 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 537
decoder.bytes                              | Total                     | 59822
decoder.ipv4                               | Total                     | 537
decoder.ethernet                           | Total                     | 537
decoder.tcp                                | Total                     | 508
decoder.udp                                | Total                     | 22
decoder.avg_pkt_size                       | Total                     | 111
decoder.max_pkt_size                       | Total                     | 543
flow.tcp                                   | Total                     | 64
flow.udp                                   | Total                     | 10
tcp.sessions                               | Total                     | 64
tcp.syn                                    | Total                     | 64
tcp.synack                                 | Total                     | 64
tcp.rst                                    | Total                     | 64
detect.alert                               | Total                     | 64
detect.mpm_list                            | Total                     | 2
detect.nonmpm_list                         | Total                     | 4
detect.fnonmpm_list                        | Total                     | 2
detect.match_list                          | Total                     | 5
app_layer.flow.dns_udp                     | Total                     | 6
app_layer.tx.dns_udp                       | Total                     | 6
app_layer.flow.failed_udp                  | Total                     | 4
flow.spare                                 | Total                     | 9978
flow_mgr.flows_checked                     | Total                     | 5
flow_mgr.flows_notimeout                   | Total                     | 5
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65531
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074880


eve.json - (37458 bytes)
{"timestamp":"2018-11-22T13:52:04.619928+0000","flow_id":2061162128897432,"pcap_cnt":6,"event_type":"dns","src_ip":"192.168.180.169","src_port":56184,"dest_ip":"192.168.180.250","dest_port":53,"proto":"UDP","dns":{"type":"query","id":60828,"rrname":"teredo.ipv6.microsoft.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-22T13:52:04.620280+0000","flow_id":2061162128897432,"pcap_cnt":7,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":56184,"proto":"UDP","dns":{"type":"answer","id":60828,"rcode":"NXDOMAIN","rrname":"teredo.ipv6.microsoft.com"}}
{"timestamp":"2018-11-22T13:52:04.620280+0000","flow_id":2061162128897432,"pcap_cnt":7,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":56184,"proto":"UDP","dns":{"type":"answer","id":60828,"rcode":"NXDOMAIN","rrname":"ipv6.microsoft.com","rrtype":"SOA","ttl":1741}}
{"timestamp":"2018-11-22T13:52:05.589895+0000","flow_id":612366580777031,"pcap_cnt":8,"event_type":"dns","src_ip":"192.168.180.169","src_port":64995,"dest_ip":"192.168.180.250","dest_port":53,"proto":"UDP","dns":{"type":"query","id":62764,"rrname":"wpad.TZBZO2560958973.local","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-22T13:52:05.593627+0000","flow_id":612366580777031,"pcap_cnt":9,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":64995,"proto":"UDP","dns":{"type":"answer","id":62764,"rcode":"NXDOMAIN","rrname":"wpad.TZBZO2560958973.local"}}
{"timestamp":"2018-11-22T13:52:05.593627+0000","flow_id":612366580777031,"pcap_cnt":9,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":64995,"proto":"UDP","dns":{"type":"answer","id":62764,"rcode":"NXDOMAIN","rrname":"<root>","rrtype":"SOA","ttl":10800}}
{"timestamp":"2018-11-22T13:52:07.165949+0000","flow_id":792819631884349,"pcap_cnt":12,"event_type":"dns","src_ip":"192.168.180.169","src_port":61330,"dest_ip":"192.168.180.250","dest_port":53,"proto":"UDP","dns":{"type":"query","id":35535,"rrname":"isatap.TZBZO2560958973.local","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-22T13:52:07.169656+0000","flow_id":792819631884349,"pcap_cnt":13,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":61330,"proto":"UDP","dns":{"type":"answer","id":35535,"rcode":"NXDOMAIN","rrname":"isatap.TZBZO2560958973.local"}}
{"timestamp":"2018-11-22T13:52:07.169656+0000","flow_id":792819631884349,"pcap_cnt":13,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":61330,"proto":"UDP","dns":{"type":"answer","id":35535,"rcode":"NXDOMAIN","rrname":"<root>","rrtype":"SOA","ttl":10800}}
{"timestamp":"2018-11-22T13:52:12.424047+0000","flow_id":1474933453256815,"pcap_cnt":16,"event_type":"dns","src_ip":"192.168.180.169","src_port":49953,"dest_ip":"192.168.180.250","dest_port":53,"proto":"UDP","dns":{"type":"query","id":48492,"rrname":"TZBZO2560958973.TZBZO2560958973.local","rrtype":"SOA","tx_id":0}}
{"timestamp":"2018-11-22T13:52:12.487075+0000","flow_id":1474933453256815,"pcap_cnt":17,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":49953,"proto":"UDP","dns":{"type":"answer","id":48492,"rcode":"NXDOMAIN","rrname":"TZBZO2560958973.TZBZO2560958973.local"}}
{"timestamp":"2018-11-22T13:52:12.487075+0000","flow_id":1474933453256815,"pcap_cnt":17,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":49953,"proto":"UDP","dns":{"type":"answer","id":48492,"rcode":"NXDOMAIN","rrname":"<root>","rrtype":"SOA","ttl":10800}}
{"timestamp":"2018-11-22T13:52:22.021654+0000","flow_id":1241789744174230,"pcap_cnt":18,"event_type":"dns","src_ip":"192.168.180.169","src_port":62038,"dest_ip":"192.168.180.250","dest_port":53,"proto":"UDP","dns":{"type":"query","id":9890,"rrname":"time.windows.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-22T13:52:22.022230+0000","flow_id":1241789744174230,"pcap_cnt":19,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":62038,"proto":"UDP","dns":{"type":"answer","id":9890,"rcode":"NOERROR","rrname":"time.windows.com","rrtype":"CNAME","ttl":1748,"rdata":"time.microsoft.akadns.net"}}
{"timestamp":"2018-11-22T13:52:22.022230+0000","flow_id":1241789744174230,"pcap_cnt":19,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":62038,"proto":"UDP","dns":{"type":"answer","id":9890,"rcode":"NOERROR","rrname":"time.microsoft.akadns.net","rrtype":"A","ttl":0,"rdata":"13.65.88.161"}}
{"timestamp":"2018-11-22T13:52:22.022230+0000","flow_id":1241789744174230,"pcap_cnt":19,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":62038,"proto":"UDP","dns":{"type":"answer","id":9890,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":18131,"rdata":"a3-129.akadns.net"}}
{"timestamp":"2018-11-22T13:52:22.022230+0000","flow_id":1241789744174230,"pcap_cnt":19,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":62038,"proto":"UDP","dns":{"type":"answer","id":9890,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":18131,"rdata":"a12-131.akadns.org"}}
{"timestamp":"2018-11-22T13:52:22.022230+0000","flow_id":1241789744174230,"pcap_cnt":19,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":62038,"proto":"UDP","dns":{"type":"answer","id":9890,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":18131,"rdata":"a5-130.akadns.org"}}
{"timestamp":"2018-11-22T13:52:22.022230+0000","flow_id":1241789744174230,"pcap_cnt":19,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":62038,"proto":"UDP","dns":{"type":"answer","id":9890,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":18131,"rdata":"a11-129.akadns.net"}}
{"timestamp":"2018-11-22T13:52:22.022230+0000","flow_id":1241789744174230,"pcap_cnt":19,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":62038,"proto":"UDP","dns":{"type":"answer","id":9890,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":18131,"rdata":"a1-128.akadns.net"}}
{"timestamp":"2018-11-22T13:52:22.022230+0000","flow_id":1241789744174230,"pcap_cnt":19,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":62038,"proto":"UDP","dns":{"type":"answer","id":9890,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":18131,"rdata":"a18-128.akadns.org"}}
{"timestamp":"2018-11-22T13:52:22.022230+0000","flow_id":1241789744174230,"pcap_cnt":19,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":62038,"proto":"UDP","dns":{"type":"answer","id":9890,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":18131,"rdata":"a9-128.akadns.net"}}
{"timestamp":"2018-11-22T13:52:22.022230+0000","flow_id":1241789744174230,"pcap_cnt":19,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":62038,"proto":"UDP","dns":{"type":"answer","id":9890,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":18131,"rdata":"a13-130.akadns.org"}}
{"timestamp":"2018-11-22T13:52:22.022230+0000","flow_id":1241789744174230,"pcap_cnt":19,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":62038,"proto":"UDP","dns":{"type":"answer","id":9890,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":18131,"rdata":"a28-129.akadns.org"}}
{"timestamp":"2018-11-22T13:52:22.022230+0000","flow_id":1241789744174230,"pcap_cnt":19,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":62038,"proto":"UDP","dns":{"type":"answer","id":9890,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":18131,"rdata":"a7-131.akadns.net"}}
{"timestamp":"2018-11-22T13:52:23.587785+0000","flow_id":1414533328926729,"pcap_cnt":20,"event_type":"dns","src_ip":"192.168.180.169","src_port":51448,"dest_ip":"192.168.180.250","dest_port":53,"proto":"UDP","dns":{"type":"query","id":61082,"rrname":"time.windows.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-22T13:52:23.588141+0000","flow_id":1414533328926729,"pcap_cnt":21,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":51448,"proto":"UDP","dns":{"type":"answer","id":61082,"rcode":"NOERROR","rrname":"time.windows.com","rrtype":"CNAME","ttl":1747,"rdata":"time.microsoft.akadns.net"}}
{"timestamp":"2018-11-22T13:52:23.588141+0000","flow_id":1414533328926729,"pcap_cnt":21,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":51448,"proto":"UDP","dns":{"type":"answer","id":61082,"rcode":"NOERROR","rrname":"time.microsoft.akadns.net","rrtype":"A","ttl":300,"rdata":"13.65.245.138"}}
{"timestamp":"2018-11-22T13:52:23.588141+0000","flow_id":1414533328926729,"pcap_cnt":21,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":51448,"proto":"UDP","dns":{"type":"answer","id":61082,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":18130,"rdata":"a5-130.akadns.org"}}
{"timestamp":"2018-11-22T13:52:23.588141+0000","flow_id":1414533328926729,"pcap_cnt":21,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":51448,"proto":"UDP","dns":{"type":"answer","id":61082,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":18130,"rdata":"a18-128.akadns.org"}}
{"timestamp":"2018-11-22T13:52:23.588141+0000","flow_id":1414533328926729,"pcap_cnt":21,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":51448,"proto":"UDP","dns":{"type":"answer","id":61082,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":18130,"rdata":"a11-129.akadns.net"}}
{"timestamp":"2018-11-22T13:52:23.588141+0000","flow_id":1414533328926729,"pcap_cnt":21,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":51448,"proto":"UDP","dns":{"type":"answer","id":61082,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":18130,"rdata":"a7-131.akadns.net"}}
{"timestamp":"2018-11-22T13:52:23.588141+0000","flow_id":1414533328926729,"pcap_cnt":21,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":51448,"proto":"UDP","dns":{"type":"answer","id":61082,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":18130,"rdata":"a28-129.akadns.org"}}
{"timestamp":"2018-11-22T13:52:23.588141+0000","flow_id":1414533328926729,"pcap_cnt":21,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":51448,"proto":"UDP","dns":{"type":"answer","id":61082,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":18130,"rdata":"a3-129.akadns.net"}}
{"timestamp":"2018-11-22T13:52:23.588141+0000","flow_id":1414533328926729,"pcap_cnt":21,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":51448,"proto":"UDP","dns":{"type":"answer","id":61082,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":18130,"rdata":"a9-128.akadns.net"}}
{"timestamp":"2018-11-22T13:52:23.588141+0000","flow_id":1414533328926729,"pcap_cnt":21,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":51448,"proto":"UDP","dns":{"type":"answer","id":61082,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":18130,"rdata":"a12-131.akadns.org"}}
{"timestamp":"2018-11-22T13:52:23.588141+0000","flow_id":1414533328926729,"pcap_cnt":21,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":51448,"proto":"UDP","dns":{"type":"answer","id":61082,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":18130,"rdata":"a13-130.akadns.org"}}
{"timestamp":"2018-11-22T13:52:23.588141+0000","flow_id":1414533328926729,"pcap_cnt":21,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":51448,"proto":"UDP","dns":{"type":"answer","id":61082,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":18130,"rdata":"a1-128.akadns.net"}}
{"timestamp":"2018-11-22T13:52:51.748807+0000","flow_id":348595462300845,"pcap_cnt":29,"event_type":"alert","src_ip":"192.168.180.169","src_port":49157,"dest_ip":"31.171.152.104","dest_port":143,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2825929,"rev":2,"signature":"ETPRO TROJAN MSIL\/Remcos RAT CnC Checkin","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-11-22T13:52:57.243406+0000","flow_id":449681812982882,"pcap_cnt":36,"event_type":"alert","src_ip":"192.168.180.169","src_port":49158,"dest_ip":"31.171.152.104","dest_port":143,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2825929,"rev":2,"signature":"ETPRO TROJAN MSIL\/Remcos RAT CnC Checkin","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-11-22T13:53:03.247466+0000","flow_id":1501248721240121,"pcap_cnt":43,"event_type":"alert","src_ip":"192.168.180.169","src_port":49159,"dest_ip":"31.171.152.104","dest_port":143,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2825929,"rev":2,"signature":"ETPRO TROJAN MSIL\/Remcos RAT CnC Checkin","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-11-22T13:53:08.981814+0000","flow_id":1578519478201891,"pcap_cnt":50,"event_type":"alert","src_ip":"192.168.180.169","src_port":49160,"dest_ip":"31.171.152.104","dest_port":143,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2825929,"rev":2,"signature":"ETPRO TROJAN MSIL\/Remcos RAT CnC Checkin","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-11-22T13:53:14.583771+0000","flow_id":1080702704214178,"pcap_cnt":57,"event_type":"alert","src_ip":"192.168.180.169","src_port":49161,"dest_ip":"31.171.152.104","dest_port":143,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2825929,"rev":2,"signature":"ETPRO TROJAN MSIL\/Remcos RAT CnC Checkin","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-11-22T13:53:20.046832+0000","flow_id":103666364224032,"pcap_cnt":64,"event_type":"alert","src_ip":"192.168.180.169","src_port":49162,"dest_ip":"31.171.152.104","dest_port":143,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2825929,"rev":2,"signature":"ETPRO TROJAN MSIL\/Remcos RAT CnC Checkin","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-11-22T13:53:25.585749+0000","flow_id":623043874777391,"pcap_cnt":71,"event_type":"alert","src_ip":"192.168.180.169","src_port":49163,"dest_ip":"31.171.152.104","dest_port":143,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2825929,"rev":2,"signature":"ETPRO TROJAN MSIL\/Remcos RAT CnC Checkin","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-11-22T13:53:31.143374+0000","flow_id":2120668906465428,"pcap_cnt":78,"event_type":"alert","src_ip":"192.168.180.169","src_port":49164,"dest_ip":"31.171.152.104","dest_port":143,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2825929,"rev":2,"signature":"ETPRO TROJAN MSIL\/Remcos RAT CnC Checkin","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-11-22T13:53:36.706948+0000","flow_id":532918281749094,"pcap_cnt":85,"event_type":"alert","src_ip":"192.168.180.169","src_port":49165,"dest_ip":"31.171.152.104","dest_port":143,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2825929,"rev":2,"signature":"ETPRO TROJAN MSIL\/Remcos RAT CnC Checkin","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-11-22T13:53:42.317445+0000","flow_id":38653445722158,"pcap_cnt":92,"event_type":"alert","src_ip":"192.168.180.169","src_port":49166,"dest_ip":"31.171.152.104","dest_port":143,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2825929,"rev":2,"signature":"ETPRO TROJAN MSIL\/Remcos RAT CnC Checkin","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-11-22T13:53:48.656933+0000","flow_id":13297

This file has been truncated.
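The eve.json above is the record a responder would actually query, and the viewer has cut its last line mid-record. The Python below is an added example, not part of this analysis page or of Suricata: it parses the JSON-lines format while tolerating a truncated trailing record, collapses the DNS query/answer pairs into a per-name result (following CNAME chains and ignoring the extra SOA record Suricata 4 emits alongside an NXDOMAIN answer), and summarises alerts per signature and destination. The sample input is a constructed subset of the lines shown above, including the cut-off final line; the function names are mine.

```python
import json
from collections import defaultdict

# Constructed sample: seven eve.json records copied from the capture above (an
# NXDOMAIN query/answer pair, a CNAME chain, two of the Remcos alerts) plus the
# truncated final line exactly as the viewer cut it off.
SAMPLE_EVE = r'''
{"timestamp":"2018-11-22T13:52:05.589895+0000","flow_id":612366580777031,"pcap_cnt":8,"event_type":"dns","src_ip":"192.168.180.169","src_port":64995,"dest_ip":"192.168.180.250","dest_port":53,"proto":"UDP","dns":{"type":"query","id":62764,"rrname":"wpad.TZBZO2560958973.local","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-22T13:52:05.593627+0000","flow_id":612366580777031,"pcap_cnt":9,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":64995,"proto":"UDP","dns":{"type":"answer","id":62764,"rcode":"NXDOMAIN","rrname":"wpad.TZBZO2560958973.local"}}
{"timestamp":"2018-11-22T13:52:05.593627+0000","flow_id":612366580777031,"pcap_cnt":9,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":64995,"proto":"UDP","dns":{"type":"answer","id":62764,"rcode":"NXDOMAIN","rrname":"<root>","rrtype":"SOA","ttl":10800}}
{"timestamp":"2018-11-22T13:52:22.021654+0000","flow_id":1241789744174230,"pcap_cnt":18,"event_type":"dns","src_ip":"192.168.180.169","src_port":62038,"dest_ip":"192.168.180.250","dest_port":53,"proto":"UDP","dns":{"type":"query","id":9890,"rrname":"time.windows.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-22T13:52:22.022230+0000","flow_id":1241789744174230,"pcap_cnt":19,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":62038,"proto":"UDP","dns":{"type":"answer","id":9890,"rcode":"NOERROR","rrname":"time.windows.com","rrtype":"CNAME","ttl":1748,"rdata":"time.microsoft.akadns.net"}}
{"timestamp":"2018-11-22T13:52:22.022230+0000","flow_id":1241789744174230,"pcap_cnt":19,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.169","dest_port":62038,"proto":"UDP","dns":{"type":"answer","id":9890,"rcode":"NOERROR","rrname":"time.microsoft.akadns.net","rrtype":"A","ttl":0,"rdata":"13.65.88.161"}}
{"timestamp":"2018-11-22T13:52:51.748807+0000","flow_id":348595462300845,"pcap_cnt":29,"event_type":"alert","src_ip":"192.168.180.169","src_port":49157,"dest_ip":"31.171.152.104","dest_port":143,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2825929,"rev":2,"signature":"ETPRO TROJAN MSIL\/Remcos RAT CnC Checkin","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-11-22T13:52:57.243406+0000","flow_id":449681812982882,"pcap_cnt":36,"event_type":"alert","src_ip":"192.168.180.169","src_port":49158,"dest_ip":"31.171.152.104","dest_port":143,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2825929,"rev":2,"signature":"ETPRO TROJAN MSIL\/Remcos RAT CnC Checkin","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-11-22T13:53:48.656933+0000","flow_id":13297
'''


def parse_eve(text):
    """Decode one JSON record per line; count (rather than raise on) undecodable lines."""
    records, bad = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            bad += 1          # e.g. the record the viewer truncated
    return records, bad


def dns_summary(records):
    """Map each queried name to its final A/AAAA answers, or the string 'NXDOMAIN'."""
    queried, nxdomain = set(), set()
    answers = defaultdict(list)          # owner name -> [(rrtype, rdata)]
    for r in records:
        if r.get("event_type") != "dns":
            continue
        d = r["dns"]
        if d.get("type") == "query":
            queried.add(d["rrname"])
        elif d.get("rcode") == "NXDOMAIN":
            # Suricata 4 logs a second NXDOMAIN record carrying the SOA owner
            # ("<root>", "ipv6.microsoft.com"); only the queried name matters here
            if d["rrname"] in queried:
                nxdomain.add(d["rrname"])
        elif "rdata" in d:
            answers[d["rrname"]].append((d["rrtype"], d["rdata"]))

    def resolve(name, depth=0):
        # follow CNAME chains to terminal address records, bounded against loops
        if depth > 8:
            return []
        out = []
        for rrtype, rdata in answers.get(name, []):
            if rrtype == "CNAME":
                out.extend(resolve(rdata, depth + 1))
            elif rrtype in ("A", "AAAA"):
                out.append(rdata)
        return out

    return {n: ("NXDOMAIN" if n in nxdomain else resolve(n)) for n in sorted(queried)}


def alert_summary(records):
    """Group alerts by (sid, dest_ip, dest_port); count events and distinct flows."""
    groups = {}
    for r in records:
        if r.get("event_type") != "alert":
            continue
        a = r["alert"]
        g = groups.setdefault((a["signature_id"], r["dest_ip"], r["dest_port"]),
                              {"signature": a["signature"], "events": 0,
                               "flow_ids": set(), "src_ports": set(),
                               "first": r["timestamp"], "last": r["timestamp"]})
        g["events"] += 1
        g["flow_ids"].add(r["flow_id"])
        g["src_ports"].add(r["src_port"])
        g["first"] = min(g["first"], r["timestamp"])   # ISO timestamps sort lexically
        g["last"] = max(g["last"], r["timestamp"])
    return {k: {"signature": g["signature"], "events": g["events"],
                "flows": len(g["flow_ids"]), "src_ports": sorted(g["src_ports"]),
                "first": g["first"], "last": g["last"]}
            for k, g in groups.items()}


if __name__ == "__main__":
    recs, bad = parse_eve(SAMPLE_EVE)
    print(f"{len(recs)} records parsed, {bad} undecodable line(s)")
    for name, res in dns_summary(recs).items():
        print(f"dns   {name} -> {res}")
    for (sid, ip, port), g in alert_summary(recs).items():
        print(f"alert sid={sid} {ip}:{port} events={g['events']} flows={g['flows']} {g['signature']}")
```

Run it directly to print the summary. The wpad and isatap lookups under the host's .local suffix are ordinary Windows autodiscovery traffic; the alert grouping is what matters, since a distinct flow_id and source port per alert shows the host opening a fresh connection to 31.171.152.104:143 for every check-in rather than holding one session open.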


suricata-4.0.0-etpro-all-perf.txt-2018-11-22-T-14-00-54-11222018.1400-74c72499de6f7db7f53a573a11c23342ff399b07123f9e4461c9e067697751ef.61.pcap.txt - (12759 bytes)
  --------------------------------------------------------------------------
  Date: 11/22/2018 -- 14:00:54. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2808981      1        1        605316       3.33   34       0        498496      17803.41    0.00        17803.41   
  2        2825929      1        2        4771504      26.26  64       64       463502      74554.75    74554.75    0.00       
  3        2829308      1        2        571678       3.15   64       0        393808      8932.47     0.00        8932.47    
  4        2806561      1        5        561392       3.09   64       0        389358      8771.75     0.00        8771.75    
  5        2010938      1        3        643606       3.54   64       0        388661      10056.34    0.00        10056.34   
  6        2018316      1        4        183846       1.01   4        0        89378       45961.50    0.00        45961.50   
  7        2102523      1        8        450354       2.48   128      0        75206       3518.39     0.00        3518.39    
  8        2828876      1        1        393843       2.17   128      0        58639       3076.90     0.00        3076.90    
  9        2014702      1        9        145592       0.80   14       0        56211       10399.43    0.00        10399.43   
  10       2008120      1        4        112192       0.62   20       0        55742       5609.60     0.00        5609.60    
  11       2018666      1        4        136981       0.75   4        0        39277       34245.25    0.00        34245.25   
  12       2010140      1        7        136435       0.75   15       0        37821       9095.67     0.00        9095.67    
  13       2816920      1        1        224209       1.23   64       0        37731       3503.27     0.00        3503.27    
  14       2014701      1        12       161734       0.89   14       0        35751       11552.43    0.00        11552.43   
  15       2009702      1        5        168773       0.93   14       0        35582       12055.21    0.00        12055.21   
  16       2020741      1        1        121696       0.67   4        0        34952       30424.00    0.00        30424.00   
  17       2102523      1        8        389987       2.15   128      0        34276       3046.77     0.00        3046.77    
  18       2020742      1        1        121807       0.67   4        0        33743       30451.75    0.00        30451.75   
  19       2019230      1        2        168598       0.93   9        0        33677       18733.11    0.00        18733.11   
  20       2811544      1        1        157764       0.87   9        0        32311       17529.33    0.00        17529.33   
  21       2811577      1        2        156962       0.86   9        0        31916       17440.22    0.00        17440.22   
  22       2811542      1        1        147235       0.81   6        0        31823       24539.17    0.00        24539.17   
  23       2002993      1        7        199194       1.10   64       0        29927       3112.41     0.00        3112.41    
  24       2017413      1        3        1099688      6.05   64       0        29744       17182.62    0.00        17182.62   
  25       2102257      1        10       29291        0.16   2        0        26000       14645.50    0.00        14645.50   
  26       2002995      1        10       194526       1.07   64       0        22277       3039.47     0.00        3039.47    
  27       2001582      1        15       186109       1.02   64       0        20447       2907.95     0.00        2907.95    
  28       2803760      1        3        94803        0.52   6        0        19979       15800.50    0.00        15800.50   
  29       2002992      1        7        186201       1.02   64       0        18929       2909.39     0.00        2909.39    
  30       2103158      1        6        360439       1.98   128      0        18557       2815.93     0.00        2815.93    
  31       2002910      1        6        230259       1.27   64       0        18320       3597.80     0.00        3597.80    
  32       2826281      1        2        91167        0.50   6        0        18130       15194.50    0.00        15194.50   
  33       2022543      1        1        74923        0.41   5        0        16511       14984.60    0.00        14984.60   
  34       2825931      1        2        184013       1.01   64       0        16470       2875.20     0.00        2875.20    
  35       2017935      1        3        188178       1.04   64       0        16219       2940.28     0.00        2940.28    
  36       2014703      1        9        108801       0.60   14       0        16212       7771.50     0.00        7771.50    
  37       2013506      1        1        189347       1.04   64       0        15829       2958.55     0.00        2958.55    
  38       2010939      1        3        186707       1.03   64       0        15728       2917.30     0.00        2917.30    
  39       2103159      1        4        178476       0.98   64       0        15153       2788.69     0.00        2788.69    
  40       2823788      1        4        30539        0.17   6        0        14401       5089.83     0.00        5089.83    
  41       2102125      1        10       178164       0.98   64       0        13066       2783.81     0.00        2783.81    
  42       2001580      1        15       177656       0.98   64       0        8489        2775.88     0.00        2775.88    
  43       2008116      1        4        11832        0.07   2        0        8414        5916.00     0.00        5916.00    
  44       2010643      1        3        345084       1.90   128      0        8076        2695.97     0.00        2695.97    
  45       2023614      1        3        36722        0.20   12       0        7279        3060.17     0.00        3060.17    
  46       2002994      1        7        184639       1.02   64       0        4940        2884.98     0.00        2884.98    
  47       2016181      1        2        7034         0.04   2        0        4420        3517.00     0.00        3517.00    
  48       2807830      1        1        94660        0.52   34       0        4122        2784.12     0.00        2784.12    
  49       2010143      1        3        44910        0.25   15       0        4032        2994.00     0.00        2994.00    
  50       2807829      1        1        96427        0.53   34       0        4010        2836.09     0.00        2836.09    
  51       2805023      1        4        172540       0.95   64       0        3978        2695.94     0.00        2695.94    
  52       2025200      1        1        35704        0.20   12       0        3923        2975.33     0.00        2975.33    
  53       2016178      1        2        6482         0.04   2        0        3879        3241.00     0.00        3241.00    
  54       2023612      1        4        31276        0.17   11       0        3765        2843.27     0.00        2843.27    
  55       2023623      1        3        26973        0.15   10       0        3748        2697.30     0.00        2697.30    
  56       2003068      1        7        175873       0.97   64       0        3746        2748.02     0.00        2748.02    
  57       2008117      1        3        12416        0.07   4        0        3730        3104.00     0.00        3104.00    
  58       2013739      1        15       28398        0.16   10       0        3715        2839.80     0.00        2839.80    
  59       2008118      1        3        28988        0.16   10       0        3663        2898.80     0.00        2898.80    
  60       2023627      1        3        12029        0.07   4        0        3634        3007.25     0.00        3007.25    
  61       2101621      1        12       166766       0.92   64       0        3626        2605.72     0.00        2605.72    
  62       2001219      1        20       178056       0.98   64       0        3621        2782.12     0.00        2782.12    
  63       2100327      1        10       169514       0.93   64       0        3583        2648.66     0.00        2648.66    
  64       2023053      1        2        9032         0.05   3        0        3582        3010.67     0.00        3010.67    
  65       2016179      1        2        6251         0.03   2        0        3542        3125.50     0.00        3125.50    
  66       2100518      1        8        6637         0.04   2        0        3534        3318.50     0.00        3318.50    
  67       2806776      1        4        167514       0.92   64       0        3524        2617.41     0.00        2617.41    
  68       2002911      1        6        172800       0.95   64       0        3518        2700.00     0.00        2700.00    
  69       2801347      1        5        14349        0.08   5        0        3492        2869.80     0.00        2869.80    
  70       2802822      1        1        11768        0.06   4        0        3472        2942.00     0.00        2942.00    
  71       2023622      1        3        32352        0.18   12       0        3426        2696.00     0.00        2696.00    
  72       2010142      1        4        41927        0.23   15       0        3424        2795.13     0.00        2795.13    
  73       2019017      1        3        6682         0.04   2        0        3420        3341.00     0.00        3341.00    
  74       2014343      1        2        166904       0.92   64       0        3405        2607.88     0.00        2607.88    
  75       2023624      1        3        32165        0.18   12       0        3401        2680.42     0.00        2680.42    
  76       2009243      1        2        29083        0.16   10       0        3387        2908.30     0.00        2908.30    
  77       2808980      1        1        91473        0.50   34       0        3372        2690.38     0.00        2690.38    
  78       2829110      1        2        168930       0.93   64       0        3372        2639.53     0.00        2639.53    
  79       2023054      1        2        8882         0.05   3        0        3305        2960.67     0.00        2960.67    
  80       2023626      1        3        26046        0.14   9        0        3256        2894.00     0.00        2894.00    
  81       2827589      1        1        169390       0.93   64       0        3245        2646.72     0.00        2646.72    
  82       2023618      1        3        27374        0.15   10       0        3234        2737.40     0.00        2737.40    
  83       2802205      1        3        5985         0.03   2        0        3209        2992.50     0.00        2992.50    
  84       2008119      1        3        14258        0.08   5        0        3189        2851.60     0.00        2851.60    
  85       2023619      1        3        30157        0.17   11       0        3142        2741.55     0.00        2741.55    
  86       2808984      1        1        167455       0.92   64       0        3133        2616.48     0.00        2616.48    
  87       2023625      1        3        32767        0.18   12       0        3102        2730.58     0.00        2730.58    
  88       2802823      1        1        14124        0.08   5        0        3080        2824.80     0.00        2824.80    
  89       2023620      1        3        26632        0.15   10       0        3048        2663.20     0.00        2663.20    
  90       2019010      1        3        5845         0.03   2        0        3045        2922.50     0.00        2922.50    
  91       2023615      1        3        32020        0.18   12       0        3011        2668.33     0.00        2668.33    
  92       2805442      1        2        5539         0.03   2        0        2984        2769.50     0.00        2769.50    
  93       2023621      1        4        26499        0.15   10       0        2868        2649.90     0.00        2649.90    
  94       2023613      1        3        13476        0.07   5        0        2840        2695.20     0.00        2695.20    
  95       2013075      1        8        16191        0.09   6        0        2794        2698.50     0.00        2698.50    
  96       2023617      1        3        26289        0.14   10       0        2774        2628.90     0.00        2628.90    
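The rule-profiling dump above is sorted by max ticks, which finds the single slowest evaluation but not the rules that cost the most across the whole capture, and it can list one SID more than once (2102523 appears at rows 7 and 17). As an added example, not part of this page or of Suricata's own tooling, the Python below parses the table, aggregates per SID, ranks rules that were checked but never matched by total ticks spent, and reports the match rate of the one rule that fired. The sample input is a constructed subset of the rows shown above; the column names are mine.

```python
# Constructed sample: banner, header and a few rows copied from the
# rule-profiling dump above (SID 2102523 appears twice, as it does there).
SAMPLE_PROFILE = """\
  --------------------------------------------------------------------------
  Date: 11/22/2018 -- 14:00:54. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  1        2808981      1        1        605316       3.33   34       0        498496      17803.41    0.00        17803.41
  2        2825929      1        2        4771504      26.26  64       64       463502      74554.75    74554.75    0.00
  5        2010938      1        3        643606       3.54   64       0        388661      10056.34    0.00        10056.34
  7        2102523      1        8        450354       2.48   128      0        75206       3518.39     0.00        3518.39
  17       2102523      1        8        389987       2.15   128      0        34276       3046.77     0.00        3046.77
  24       2017413      1        3        1099688      6.05   64       0        29744       17182.62    0.00        17182.62
  96       2023617      1        3        26289        0.14   10       0        2774        2628.90     0.00        2628.90
"""

# Column names are mine; the dump's own header spells them out in words.
COLUMNS = ("num", "sid", "gid", "rev", "ticks", "pct", "checks", "matches",
           "max_ticks", "avg_ticks", "avg_match", "avg_nomatch")
INT_COLS = {"num", "sid", "gid", "rev", "ticks", "checks", "matches", "max_ticks"}


def parse_profile(text):
    """Return one dict per data row; banner, header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # the separator line also has 12 fields, so the numeric test is needed
        if len(fields) != len(COLUMNS) or not fields[0].isdigit():
            continue
        rows.append({name: (int(v) if name in INT_COLS else float(v))
                     for name, v in zip(COLUMNS, fields)})
    return rows


def aggregate_by_sid(rows):
    """Sum ticks/checks/matches per SID so duplicated rows are counted once together."""
    agg = {}
    for r in rows:
        a = agg.setdefault(r["sid"], {"ticks": 0, "checks": 0, "matches": 0, "max_ticks": 0})
        a["ticks"] += r["ticks"]
        a["checks"] += r["checks"]
        a["matches"] += r["matches"]
        a["max_ticks"] = max(a["max_ticks"], r["max_ticks"])
    return agg


def wasted_rules(agg, top=5):
    """Rules checked at least once that never matched, ranked by total ticks.

    Returns (sid, total_ticks, ticks_per_check) tuples; these are the first
    candidates when tuning a ruleset for throughput."""
    ranked = [(sid, a) for sid, a in agg.items() if a["checks"] > 0 and a["matches"] == 0]
    ranked.sort(key=lambda kv: kv[1]["ticks"], reverse=True)
    return [(sid, a["ticks"], round(a["ticks"] / a["checks"], 2)) for sid, a in ranked[:top]]


def match_rate(agg, sid):
    """Fraction of checks that produced a match for one SID."""
    a = agg[sid]
    return a["matches"] / a["checks"] if a["checks"] else 0.0


if __name__ == "__main__":
    agg = aggregate_by_sid(parse_profile(SAMPLE_PROFILE))
    for sid, ticks, per_check in wasted_rules(agg):
        print(f"sid {sid}: {ticks} ticks over {agg[sid]['checks']} checks ({per_check}/check), 0 matches")
    print(f"sid 2825929 match rate: {match_rate(agg, 2825929):.2f}")
```

On the full dump the same ranking puts 2825929 (the Remcos check-in rule, 64 matches from 64 checks, 26% of all ticks) in a different category from rules like 2017413, which spent 6% of the ticks on 64 checks without ever matching; those are the rows worth reviewing before the ruleset is deployed inline.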


suricata-4.0.0-etpro-all-alert-2018-11-22-T-14-00-54-11222018.1400-74c72499de6f7db7f53a573a11c23342ff399b07123f9e4461c9e067697751ef.61.pcap.txt - (13120 bytes)
11/22/2018-13:52:51.748807  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49157 -> 31.171.152.104:143
11/22/2018-13:52:57.243406  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49158 -> 31.171.152.104:143
11/22/2018-13:53:03.247466  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49159 -> 31.171.152.104:143
11/22/2018-13:53:08.981814  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49160 -> 31.171.152.104:143
11/22/2018-13:53:14.583771  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49161 -> 31.171.152.104:143
11/22/2018-13:53:20.046832  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49162 -> 31.171.152.104:143
11/22/2018-13:53:25.585749  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49163 -> 31.171.152.104:143
11/22/2018-13:53:31.143374  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49164 -> 31.171.152.104:143
11/22/2018-13:53:36.706948  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49165 -> 31.171.152.104:143
11/22/2018-13:53:42.317445  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49166 -> 31.171.152.104:143
11/22/2018-13:53:48.656933  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49167 -> 31.171.152.104:143
11/22/2018-13:53:53.902649  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49168 -> 31.171.152.104:143
11/22/2018-13:53:59.656278  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49169 -> 31.171.152.104:143
11/22/2018-13:54:05.292570  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49170 -> 31.171.152.104:143
11/22/2018-13:54:11.116631  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49172 -> 31.171.152.104:143
11/22/2018-13:54:18.310155  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49173 -> 31.171.152.104:143
11/22/2018-13:54:23.520589  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49174 -> 31.171.152.104:143
11/22/2018-13:54:29.028327  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49175 -> 31.171.152.104:143
11/22/2018-13:54:34.620914  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49176 -> 31.171.152.104:143
11/22/2018-13:54:40.075648  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49177 -> 31.171.152.104:143
11/22/2018-13:54:45.650420  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49178 -> 31.171.152.104:143
11/22/2018-13:54:51.126474  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49179 -> 31.171.152.104:143
11/22/2018-13:54:56.810813  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49180 -> 31.171.152.104:143
11/22/2018-13:55:02.456463  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49181 -> 31.171.152.104:143
11/22/2018-13:55:07.867060  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49182 -> 31.171.152.104:143
11/22/2018-13:55:08.193995  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49183 -> 31.171.152.104:143
11/22/2018-13:55:08.474415  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49184 -> 31.171.152.104:143
11/22/2018-13:55:08.966371  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49185 -> 31.171.152.104:143
11/22/2018-13:55:09.260056  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49186 -> 31.171.152.104:143
11/22/2018-13:55:09.636365  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49187 -> 31.171.152.104:143
11/22/2018-13:55:10.052698  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49188 -> 31.171.152.104:143
11/22/2018-13:55:10.351931  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49189 -> 31.171.152.104:143
11/22/2018-13:55:10.645323  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49190 -> 31.171.152.104:143
11/22/2018-13:55:10.927596  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49191 -> 31.171.152.104:143
11/22/2018-13:55:11.283660  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49192 -> 31.171.152.104:143
11/22/2018-13:55:11.546726  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49193 -> 31.171.152.104:143
11/22/2018-13:55:11.892375  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49194 -> 31.171.152.104:143
11/22/2018-13:55:12.205504  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49195 -> 31.171.152.104:143
11/22/2018-13:55:12.454941  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49196 -> 31.171.152.104:143
11/22/2018-13:55:12.796547  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49197 -> 31.171.152.104:143
11/22/2018-13:55:13.102760  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49198 -> 31.171.152.104:143
11/22/2018-13:55:13.389422  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49199 -> 31.171.152.104:143
11/22/2018-13:55:13.708183  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49200 -> 31.171.152.104:143
11/22/2018-13:55:13.959480  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49201 -> 31.171.152.104:143
11/22/2018-13:55:14.287330  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49202 -> 31.171.152.104:143
11/22/2018-13:55:14.677427  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49203 -> 31.171.152.104:143
11/22/2018-13:55:14.931858  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49204 -> 31.171.152.104:143
11/22/2018-13:55:15.189597  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49205 -> 31.171.152.104:143
11/22/2018-13:55:15.471316  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49206 -> 31.171.152.104:143
11/22/2018-13:55:15.983441  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49207 -> 31.171.152.104:143
11/22/2018-13:55:16.371637  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49208 -> 31.171.152.104:143
11/22/2018-13:55:16.709939  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49209 -> 31.171.152.104:143
11/22/2018-13:55:17.165728  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49210 -> 31.171.152.104:143
11/22/2018-13:55:17.484601  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49211 -> 31.171.152.104:143
11/22/2018-13:55:17.761794  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49212 -> 31.171.152.104:143
11/22/2018-13:55:18.096486  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49213 -> 31.171.152.104:143
11/22/2018-13:55:18.375012  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49214 -> 31.171.152.104:143
11/22/2018-13:55:18.804609  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49215 -> 31.171.152.104:143
11/22/2018-13:55:19.056160  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49216 -> 31.171.152.104:143
11/22/2018-13:55:19.364984  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49217 -> 31.171.152.104:143
11/22/2018-13:55:19.713214  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49218 -> 31.171.152.104:143
11/22/2018-13:55:19.986223  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49219 -> 31.171.152.104:143
11/22/2018-13:55:20.333080  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49220 -> 31.171.152.104:143
11/22/2018-13:55:20.665063  [**] [1:2825929:2] ETPRO TROJAN MSIL/Remcos RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.180.169:49221 -> 31.171.152.104:143


keyword_perf.log - (3384 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/22/2018 -- 14:00:54
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            185390          64              64              9079            2896.00         2896.00         0.00           
  flow             227677          64              64              17389           3557.00         3557.00         0.00           
  content          2844224         755             585             400642          3767.00         3697.00         4008.00        
  pcre             94664           8               0               53739           11833.00        0.00            11833.00       
  byte_test        463031          154             122             16575           3006.00         2959.00         3187.00        
  isdataat         13885           5               0               2932            2777.00         0.00            2777.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            185390          64              64              9079            2896.00         2896.00         0.00           
  flow             227677          64              64              17389           3557.00         3557.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2844224         755             585             400642          3767.00         3697.00         4008.00        
  pcre             94664           8               0               53739           11833.00        0.00            11833.00       
  byte_test        463031          154             122             16575           3006.00         2959.00         3187.00        
  isdataat         13885           5               0               2932            2777.00         0.00            2777.00        


unified2.alert.1542895253 - (37290 bytes) - download
[unified2 is a binary record format; the browser rendering of this file is not readable as text. The recoverable ASCII in the displayed portion is the plaintext Remcos check-in carried in each packet record, one per alert. A single instance, as it appears after the "[DataStart]" marker:]

addnew|cmd|Host|cmd|TZBZO2560958973/uaVgSVa9322Nk|cmd|US|cmd|Windows 7 Professional (64 bit)|cmd||cmd|2102112256|cmd|1.7 Pro|cmd|C:\Users\Administrator\AppData\Roaming\remcos\logs.dat|cmd|C:\Users\Administrator\AppData\Roaming\Microsoft Audio Card\Microsoft Audio Card.exe|cmd||cmd|Administrator: C:\Windows\system32\cmd.exe|cmd|1|cmd|0|cmd|9498803|cmd|1|cmd|31.171.152.104|cmd|remcos_mmmatcfvzjkwwqo

Across the records shown, only three fields change: the window-title field ("Administrator: C:\Windows\system32\cmd.exe" in the earlier records, "Program Manager" in the later ones) and the two numeric fields that follow it (the first varies between 0 and 34109; the second rises from 9498803 to 9633193, by roughly 5,200 to 5,500 per record). Everything else, including the host identifier TZBZO2560958973/uaVgSVa9322Nk, the country code US, the OS string, the log path under %APPDATA%\remcos, the executable path under %APPDATA%\Microsoft Audio Card, the C2 address 31.171.152.104 and the trailing identifier remcos_mmmatcfvzjkwwqo, is constant.

This file has been truncated.
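
Because the unified2 file is a binary record stream, the way to read it is a record walker, not a text viewer. The Python below is an added example, not part of this page's tooling, that iterates unified2 records (big-endian uint32 type and length, then the body), decodes the IPv4 IDS event (type 7 is 52 bytes; type 104 shares the layout and appends mpls/vlan fields), decodes the packet record (type 2: seven uint32 then the captured frame), strips Ethernet/IPv4/TCP headers and splits the Remcos check-in on its |cmd| delimiter. The sample record bytes are constructed in the code from values on this page (sid 1:2825929:2, 192.168.180.169:49161 -> 31.171.152.104:143, the check-in string); the IP and TCP checksums and MAC addresses are left at zero, the classification id is set to 0 because it is install-specific, and the non-printable bytes that sit between [DataStart] and addnew in the real capture are not reproduced, since the parser relies only on those two markers. IPv6 event records (types 72 and 105) and extra-data records (110) are skipped.

```python
"""Read unified2 records and pull the Remcos check-in fields (added example, not page output)."""
import struct
from ipaddress import IPv4Address
from typing import Iterator, List, Optional, Tuple

# unified2 record types (Snort/Suricata constants)
U2_PACKET = 2            # 28-byte header + captured frame
U2_IDS_EVENT = 7         # 52-byte IPv4 event
U2_IDS_EVENT_V2 = 104    # same layout plus mpls_label/vlan trailer

def iter_records(blob: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (type, body); every record starts with big-endian uint32 type and length."""
    off = 0
    while off + 8 <= len(blob):
        rtype, rlen = struct.unpack_from(">II", blob, off)
        off += 8
        if off + rlen > len(blob):   # a partial download, like the copy shown on this page
            raise ValueError(f"type {rtype} record truncated at offset {off}")
        yield rtype, blob[off:off + rlen]
        off += rlen

def parse_event(body: bytes) -> dict:
    """Decode the IPv4 IDS event fields shared by record types 7 and 104."""
    _sensor, event_id, sec, usec, sid, gid, rev, _cls, prio = struct.unpack_from(">9I", body, 0)
    src, dst = struct.unpack_from(">4s4s", body, 36)
    sport, dport, proto, _impact_flag, _impact, _blocked = struct.unpack_from(">2H4B", body, 44)
    return {"event_id": event_id, "second": sec, "usec": usec, "sig": f"{gid}:{sid}:{rev}",
            "priority": prio, "proto": proto,
            "src": f"{IPv4Address(src)}:{sport}", "dst": f"{IPv4Address(dst)}:{dport}"}

def parse_packet(body: bytes) -> dict:
    """Decode a packet record: sensor, event_id, event_sec, pkt_sec, pkt_usec, linktype, length, frame."""
    _sensor, event_id, _sec, _psec, _pusec, linktype, plen = struct.unpack_from(">7I", body, 0)
    return {"event_id": event_id, "linktype": linktype, "frame": body[28:28 + plen]}

def tcp_payload(frame: bytes) -> bytes:
    """Return the TCP payload of an Ethernet/IPv4/TCP frame (linktype 1), else b''."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":   # EtherType must be IPv4
        return b""
    ip = 14
    ihl = (frame[ip] & 0x0F) * 4
    if frame[ip + 9] != 6:                                # IP protocol 6 = TCP
        return b""
    tcp = ip + ihl
    doff = (frame[tcp + 12] >> 4) * 4
    return frame[tcp + doff:]

def remcos_fields(payload: bytes) -> Optional[List[str]]:
    """Split a plaintext Remcos check-in on '|cmd|'; requires the [DataStart] and addnew markers."""
    start = payload.find(b"addnew|cmd|")
    if b"[DataStart]" not in payload or start < 0:
        return None
    return payload[start:].decode("latin-1").split("|cmd|")

def summarize(blob: bytes) -> List[dict]:
    """Pair each event with the packet record carrying the same event_id."""
    events, out = {}, []
    for rtype, body in iter_records(blob):
        if rtype in (U2_IDS_EVENT, U2_IDS_EVENT_V2):
            ev = parse_event(body)
            ev["checkin"] = None
            events[ev["event_id"]] = ev
            out.append(ev)
        elif rtype == U2_PACKET:
            pk = parse_packet(body)
            if pk["linktype"] == 1 and pk["event_id"] in events:
                events[pk["event_id"]]["checkin"] = remcos_fields(tcp_payload(pk["frame"]))
    return out

# CONSTRUCTED sample: one type 7 event plus one type 2 packet, values taken from this page.
CHECKIN = (b"addnew|cmd|Host|cmd|TZBZO2560958973/uaVgSVa9322Nk|cmd|US|cmd|"
           b"Windows 7 Professional (64 bit)|cmd||cmd|2102112256|cmd|1.7 Pro|cmd|"
           b"C:\\Users\\Administrator\\AppData\\Roaming\\remcos\\logs.dat|cmd|"
           b"C:\\Users\\Administrator\\AppData\\Roaming\\Microsoft Audio Card\\Microsoft Audio Card.exe"
           b"|cmd||cmd|Administrator: C:\\Windows\\system32\\cmd.exe|cmd|1|cmd|0|cmd|9498803|cmd|1"
           b"|cmd|31.171.152.104|cmd|remcos_mmmatcfvzjkwwqo")

def build_sample() -> bytes:
    src, dst = IPv4Address("192.168.180.169").packed, IPv4Address("31.171.152.104").packed
    event = struct.pack(">9I", 0, 1, 1542894794, 583771, 2825929, 1, 2, 0, 1)  # 13:53:14.583771 UTC
    event += src + dst + struct.pack(">2H4B", 49161, 143, 6, 0, 0, 0)
    payload = b"[DataStart]" + CHECKIN
    tcp = struct.pack(">HHIIBBHHH", 49161, 143, 1, 1, 0x50, 0x18, 65535, 0, 0)  # doff 5, PSH|ACK, csum 0
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0x4000, 128, 6, 0, src, dst)
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload                    # zero MACs, EtherType IPv4
    packet = struct.pack(">7I", 0, 1, 1542894794, 1542894794, 583771, 1, len(frame)) + frame
    return (struct.pack(">II", U2_IDS_EVENT, len(event)) + event
            + struct.pack(">II", U2_PACKET, len(packet)) + packet)

if __name__ == "__main__":
    for ev in summarize(build_sample()):
        print(ev["sig"], ev["src"], "->", ev["dst"], ev["checkin"])
```

To run it against the real file, pass the bytes of unified2.alert.1542895253 to summarize() in place of build_sample(). On the truncated copy linked from this page, iter_records raises ValueError at the cut-off point, which is the expected result for a partial download rather than a parser fault.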


IDSDeathBlossom.py.log - (1207 bytes) - download
2018-11-22 14:00:21,170 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-11-22 14:00:21,947 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-11-22 14:00:21,948 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2018-11-22 14:00:21,948 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-11-22 14:00:21,948 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-11-22 14:00:21,949 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/100ab93fec641d51f91e32605d4fb1c056b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11222018.1400-74c72499de6f7db7f53a573a11c23342ff399b07123f9e4461c9e067697751ef.61.pcap -vvv -k none
2018-11-22 14:00:54,324 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-11-22 14:00:54,325 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 33.1633319855