Filename: eternalblue.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 9.26459693909 seconds
Hash: 4056e7e10cebd32c99d694f6a6a649f3
Uploaded: 1558531024

Logfiles


suricata-report-2019-05-22-T-13-17-14-05162019.1504-eternalblue.pcap.txt - (18077 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/4056e7e10cebd32c99d694f6a6a649f3d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/05162019.1504-eternalblue.pcap -vvv -k none
elapsedtime:8.311552
stderr:
stdout:
22/5/2019 -- 13:17:05 - <Info> - Configuration node 'rule-files' redefined.
22/5/2019 -- 13:17:05 - <Notice> - This is Suricata version 4.0.0 RELEASE
22/5/2019 -- 13:17:05 - <Info> - CPUs/cores online: 1
22/5/2019 -- 13:17:05 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31155 and 'request-body-inspect-window' set to 16314 after randomization.
22/5/2019 -- 13:17:05 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33109 and 'response-body-inspect-window' set to 15845 after randomization.
22/5/2019 -- 13:17:05 - <Config> - DNS request flood protection level: 500
22/5/2019 -- 13:17:05 - <Config> - DNS per flow memcap (state-memcap): 524288
22/5/2019 -- 13:17:05 - <Config> - DNS global memcap: 16777216
22/5/2019 -- 13:17:05 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
22/5/2019 -- 13:17:05 - <Config> - preallocated 1000 hosts of size 136
22/5/2019 -- 13:17:05 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
22/5/2019 -- 13:17:05 - <Config> - using magic-file /usr/share/file/magic
22/5/2019 -- 13:17:05 - <Config> - Core dump size is unlimited.
22/5/2019 -- 13:17:05 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
22/5/2019 -- 13:17:05 - <Config> - preallocated 1000 defrag trackers of size 168
22/5/2019 -- 13:17:05 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
22/5/2019 -- 13:17:05 - <Config> - stream "prealloc-sessions": 2048 (per thread)
22/5/2019 -- 13:17:05 - <Config> - stream "memcap": 33554432
22/5/2019 -- 13:17:05 - <Config> - stream "midstream" session pickups: disabled
22/5/2019 -- 13:17:05 - <Config> - stream "async-oneside": disabled
22/5/2019 -- 13:17:05 - <Config> - stream "checksum-validation": disabled
22/5/2019 -- 13:17:05 - <Config> - stream."inline": disabled
22/5/2019 -- 13:17:05 - <Config> - stream "bypass": disabled
22/5/2019 -- 13:17:05 - <Config> - stream "max-synack-queued": 5
22/5/2019 -- 13:17:05 - <Config> - stream.reassembly "memcap": 134217728
22/5/2019 -- 13:17:05 - <Config> - stream.reassembly "depth": 0
22/5/2019 -- 13:17:05 - <Config> - stream.reassembly "toserver-chunk-size": 2633
22/5/2019 -- 13:17:05 - <Config> - stream.reassembly "toclient-chunk-size": 2611
22/5/2019 -- 13:17:05 - <Config> - stream.reassembly.raw: enabled
22/5/2019 -- 13:17:05 - <Config> - stream.reassembly "segment-prealloc": 2048
22/5/2019 -- 13:17:05 - <Config> - Delayed detect disabled
22/5/2019 -- 13:17:05 - <Config> - pattern matchers: MPM: ac, SPM: bm
22/5/2019 -- 13:17:05 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
22/5/2019 -- 13:17:05 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
22/5/2019 -- 13:17:05 - <Config> - prefilter engines: MPM
22/5/2019 -- 13:17:05 - <Config> - IP reputation disabled
22/5/2019 -- 13:17:05 - <Perf> - Registered 148 keyword profiling counters.
22/5/2019 -- 13:17:05 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
22/5/2019 -- 13:17:05 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
22/5/2019 -- 13:17:05 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
22/5/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
22/5/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
22/5/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
22/5/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
22/5/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
22/5/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
22/5/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
22/5/2019 -- 13:17:07 - <Config> - No rules loaded from ET-emerging-icmp.rules.
22/5/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
22/5/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
22/5/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
22/5/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
22/5/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
22/5/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
22/5/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
22/5/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
22/5/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
22/5/2019 -- 13:17:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
22/5/2019 -- 13:17:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
22/5/2019 -- 13:17:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
22/5/2019 -- 13:17:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
22/5/2019 -- 13:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
22/5/2019 -- 13:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
22/5/2019 -- 13:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
22/5/2019 -- 13:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
22/5/2019 -- 13:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
22/5/2019 -- 13:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
22/5/2019 -- 13:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
22/5/2019 -- 13:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
22/5/2019 -- 13:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
22/5/2019 -- 13:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
22/5/2019 -- 13:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
22/5/2019 -- 13:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
22/5/2019 -- 13:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
22/5/2019 -- 13:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
22/5/2019 -- 13:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
22/5/2019 -- 13:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
22/5/2019 -- 13:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
22/5/2019 -- 13:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
22/5/2019 -- 13:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
22/5/2019 -- 13:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
22/5/2019 -- 13:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
22/5/2019 -- 13:17:10 - <Config> - No rules loaded from local.rules.
22/5/2019 -- 13:17:10 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
22/5/2019 -- 13:17:10 - <Info> - Threshold config parsed: 0 rule(s) found
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for tcp-packet
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for tcp-stream
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for udp-packet
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for other-ip
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_uri
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_request_line
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_client_body
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_response_line
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_header
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_header
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_header_names
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_header_names
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_accept
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_accept_enc
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_accept_lang
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_referer
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_connection
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_content_len
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_content_len
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_content_type
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_content_type
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_protocol
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_protocol
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_start
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_start
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_raw_header
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_raw_header
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_method
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_cookie
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_cookie
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_raw_uri
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_user_agent
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_host
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_raw_host
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_stat_msg
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_stat_code
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for dns_query
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for tls_sni
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for tls_cert_issuer
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for tls_cert_subject
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for tls_cert_serial
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for dce_stub_data
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for dce_stub_data
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for ssh_protocol
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for ssh_protocol
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for ssh_software
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for ssh_software
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for file_data
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for file_data
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_request_line
22/5/2019 -- 13:17:10 - <Perf> - using shared mpm ctx' for http_response_line
22/5/2019 -- 13:17:10 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
22/5/2019 -- 13:17:10 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
22/5/2019 -- 13:17:10 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
22/5/2019 -- 13:17:10 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
22/5/2019 -- 13:17:10 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
22/5/2019 -- 13:17:10 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
22/5/2019 -- 13:17:10 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
22/5/2019 -- 13:17:10 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
22/5/2019 -- 13:17:11 - <Perf> - Unique rule groups: 111
22/5/2019 -- 13:17:11 - <Perf> - Builtin MPM "toserver TCP packet": 31
22/5/2019 -- 13:17:11 - <Perf> - Builtin MPM "toclient TCP packet": 20
22/5/2019 -- 13:17:11 - <Perf> - Builtin MPM "toserver TCP stream": 31
22/5/2019 -- 13:17:11 - <Perf> - Builtin MPM "toclient TCP stream": 21
22/5/2019 -- 13:17:11 - <Perf> - Builtin MPM "toserver UDP packet": 33
22/5/2019 -- 13:17:11 - <Perf> - Builtin MPM "toclient UDP packet": 15
22/5/2019 -- 13:17:11 - <Perf> - Builtin MPM "other IP packet": 2
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toserver http_uri": 8
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toserver http_request_line": 1
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toserver http_client_body": 6
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toclient http_response_line": 1
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toserver http_header": 6
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toclient http_header": 3
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toserver http_header_names": 1
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toserver http_accept": 1
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toserver http_referer": 1
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toserver http_content_len": 1
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toserver http_content_type": 1
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toclient http_content_type": 1
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toserver http_start": 1
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toserver http_method": 3
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toserver http_cookie": 1
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toclient http_cookie": 2
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toserver http_host": 2
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toserver dns_query": 4
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toserver tls_sni": 1
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toserver file_data": 1
22/5/2019 -- 13:17:11 - <Perf> - AppLayer MPM "toclient file_data": 5
22/5/2019 -- 13:17:12 - <Perf> - Registered 18241 rule profiling counters.
22/5/2019 -- 13:17:12 - <Info> - fast output device (regular) initialized: alert
22/5/2019 -- 13:17:12 - <Info> - eve-log output device (regular) initialized: eve.json
22/5/2019 -- 13:17:12 - <Config> - enabling 'eve-log' module 'alert'
22/5/2019 -- 13:17:12 - <Config> - enabling 'eve-log' module 'http'
22/5/2019 -- 13:17:12 - <Config> - enabling 'eve-log' module 'dns'
22/5/2019 -- 13:17:12 - <Config> - enabling 'eve-log' module 'tls'
22/5/2019 -- 13:17:12 - <Config> - enabling 'eve-log' module 'files'
22/5/2019 -- 13:17:12 - <Config> - enabling 'eve-log' module 'ssh'
22/5/2019 -- 13:17:12 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
22/5/2019 -- 13:17:12 - <Info> - st

This file has been truncated.


packet_stats.log - (5541 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          1438           970764      218721416     149261374        214.6b  100.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          1438            65947       19929568        201108        289.2m   95.55
TMM_RECEIVEPCAPFILE         IPv4       6          1420             2530        4868710          6456          9.2m    3.03
TMM_DECODEPCAPFILE          IPv4       6          1420             2645          43086          3036          4.3m    1.42

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          1420             2809         384332          3808          5.4m  2.09  
stream                  IPv4       6          1438             2665          99225          8216         11.8m  4.56  
detect                  IPv4       6          1438            43668       19891279        164498        236.5m  91.38 
tcp-prune               IPv4       6          1438             2536         390974          3534          5.1m  1.96  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
smb                     IPv4       6            26             2630           6690          2971         77.3k  100.00
Proto detect            IPv4       6            69             2669          16313          3238        223.5k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6            11            36365         125546         61146        672.6k  26.96 
LOGGER_UNIFIED2             IPv4       6            11            23474         190816         61373        675.1k  27.06 
LOGGER_JSON_ALERT           IPv4       6            11            60408         240997        104309          1.1m  45.99 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           584             2523        5835576         28787        16.8m  61.21 
stream                            IPv4       6           584             2522         669945         18245        10.7m  38.79 
Total                             IPv4                  1168                                         23516        27.5m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6           156            18444          61616         23014          3.6m  1.57  
PROF_DETECT_RULES           IPv4       6          1438             2525        3723364         44998         64.7m  28.26 
PROF_DETECT_STATEFUL_CONT    IPv4       6          1438             2503       19205832         16872         24.3m  10.60 
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           436             2547          23915          2759          1.2m  0.53  
PROF_DETECT_PREFILTER       IPv4       6          1438             7671        5874305         37610         54.1m  23.62 
PROF_DETECT_PF_PAYLOAD      IPv4       6           584            14708        5847261         55569         32.5m  14.17 
PROF_DETECT_PF_TX           IPv4       6           436             2627          36655          3042          1.3m  0.58  
PROF_DETECT_PF_SORT1        IPv4       6           506             2538          46654          3456          1.7m  0.76  
PROF_DETECT_PF_SORT2        IPv4       6          1438             2506         386294          3249          4.7m  2.04  
PROF_DETECT_NONMPMLIST      IPv4       6          1438             2518        2147454          4871          7.0m  3.06  
PROF_DETECT_ALERT           IPv4       6          1438             2518       19768594         17040         24.5m  10.70 
PROF_DETECT_CLEANUP         IPv4       6          1438             2542          51764          3000          4.3m  1.88  
PROF_DETECT_GETSGH          IPv4       6          1438             2510         389229          3563          5.1m  2.24  


stats.log - (2395 bytes)
------------------------------------------------------------------------------------
Date: 5/22/2019 -- 13:17:14 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 1420
decoder.bytes                              | Total                     | 577766
decoder.ipv4                               | Total                     | 1420
decoder.ethernet                           | Total                     | 1420
decoder.tcp                                | Total                     | 1420
decoder.avg_pkt_size                       | Total                     | 406
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 78
tcp.sessions                               | Total                     | 78
tcp.syn                                    | Total                     | 78
tcp.synack                                 | Total                     | 78
tcp.rst                                    | Total                     | 78
detect.alert                               | Total                     | 11
detect.mpm_list                            | Total                     | 3
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 3
app_layer.flow.smb                         | Total                     | 9
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 74
flow_mgr.flows_notimeout                   | Total                     | 74
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65462
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7096768


eve.json - (4568 bytes)
{"timestamp":"2017-04-14T17:30:36.157874+0000","flow_id":1754313873224484,"pcap_cnt":10,"event_type":"alert","src_ip":"172.16.156.130","src_port":50927,"dest_ip":"10.128.0.243","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-04-14T17:30:38.261434+0000","flow_id":1754313873224484,"pcap_cnt":225,"event_type":"alert","src_ip":"10.128.0.243","src_port":445,"dest_ip":"172.16.156.130","dest_port":50927,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-04-14T17:30:38.385102+0000","flow_id":1754313873224484,"pcap_cnt":341,"event_type":"alert","src_ip":"172.16.156.130","src_port":50927,"dest_ip":"10.128.0.243","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024297,"rev":2,"signature":"ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010","category":"Attempted Administrator Privilege Gain","severity":1},"app_proto":"smb"}
{"timestamp":"2017-04-14T17:30:55.455943+0000","flow_id":2097479613913639,"pcap_cnt":410,"event_type":"alert","src_ip":"172.16.156.130","src_port":50948,"dest_ip":"10.128.0.243","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-04-14T17:30:57.629856+0000","flow_id":2097479613913639,"pcap_cnt":652,"event_type":"alert","src_ip":"10.128.0.243","src_port":445,"dest_ip":"172.16.156.130","dest_port":50948,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-04-14T17:30:57.753580+0000","flow_id":2097479613913639,"pcap_cnt":798,"event_type":"alert","src_ip":"172.16.156.130","src_port":50948,"dest_ip":"10.128.0.243","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024297,"rev":2,"signature":"ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010","category":"Attempted Administrator Privilege Gain","severity":1},"app_proto":"smb"}
{"timestamp":"2017-04-14T17:31:14.864951+0000","flow_id":1406679222764416,"pcap_cnt":882,"event_type":"alert","src_ip":"172.16.156.130","src_port":50974,"dest_ip":"10.128.0.243","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-04-14T17:31:15.820482+0000","flow_id":2131180076107010,"pcap_cnt":1089,"event_type":"alert","src_ip":"172.16.156.130","src_port":50996,"dest_ip":"10.128.0.243","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001569,"rev":15,"signature":"ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection","category":"Misc activity","severity":3}}
{"timestamp":"2017-04-14T17:31:17.183525+0000","flow_id":1406679222764416,"pcap_cnt":1147,"event_type":"alert","src_ip":"10.128.0.243","src_port":445,"dest_ip":"172.16.156.130","dest_port":50974,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-04-14T17:31:17.302534+0000","flow_id":1406679222764416,"pcap_cnt":1323,"event_type":"alert","src_ip":"172.16.156.130","src_port":50974,"dest_ip":"10.128.0.243","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024297,"rev":2,"signature":"ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010","category":"Attempted Administrator Privilege Gain","severity":1},"app_proto":"smb"}
{"timestamp":"2017-04-14T17:31:32.372713+0000","flow_id":1406679222764416,"pcap_cnt":1410,"event_type":"alert","src_ip":"10.128.0.243","src_port":445,"dest_ip":"172.16.156.130","dest_port":50974,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}


keyword_perf.log - (5659 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/22/2019 -- 13:17:14
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            289621          78              78              39208           3713.00         3713.00         0.00           
  flow             369712          115             115             16216           3214.00         3214.00         0.00           
  threshold        396015          87              1               41104           4551.00         2993.00         4570.00        
  content          8616700         1402            753             179476          6146.00         8331.00         3609.00        
  pcre             1741610         436             13              49306           3994.00         14002.00        3686.00        
  byte_test        620042          176             38              43503           3522.00         2994.00         3668.00        
  byte_jump        19603           6               6               4238            3267.00         3267.00         0.00           
  flowbits         119097          18              15              42560           6616.00         4539.00         17003.00       
  byte_extract     223886          69              69              17352           3244.00         3244.00         0.00           
  asn1             146788          6               0               40687           24464.00        0.00            24464.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            289621          78              78              39208           3713.00         3713.00         0.00           
  flow             369712          115             115             16216           3214.00         3214.00         0.00           
  flowbits         59780           6               3               42560           9963.00         2923.00         17003.00       
  asn1             146788          6               0               40687           24464.00        0.00            24464.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          8616700         1402            753             179476          6146.00         8331.00         3609.00        
  pcre             1741610         436             13              49306           3994.00         14002.00        3686.00        
  byte_test        620042          176             38              43503           3522.00         2994.00         3668.00        
  byte_jump        19603           6               6               4238            3267.00         3267.00         0.00           
  byte_extract     223886          69              69              17352           3244.00         3244.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         59317           12              12              6484            4943.00         4943.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        396015          87              1               41104           4551.00         2993.00         4570.00        


unified2.alert.1558531032 - (15570 bytes) - download


suricata-4.0.0-etopen-all-alert-2019-05-22-T-13-17-14-05162019.1504-eternalblue.pcap.txt - (2339 bytes) - download
04/14/2017-17:30:36.157874  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.156.130:50927 -> 10.128.0.243:445
04/14/2017-17:30:38.261434  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.128.0.243:445 -> 172.16.156.130:50927
04/14/2017-17:30:38.385102  [**] [1:2024297:2] ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 172.16.156.130:50927 -> 10.128.0.243:445
04/14/2017-17:30:55.455943  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.156.130:50948 -> 10.128.0.243:445
04/14/2017-17:30:57.629856  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.128.0.243:445 -> 172.16.156.130:50948
04/14/2017-17:30:57.753580  [**] [1:2024297:2] ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 172.16.156.130:50948 -> 10.128.0.243:445
04/14/2017-17:31:14.864951  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.16.156.130:50974 -> 10.128.0.243:445
04/14/2017-17:31:15.820482  [**] [1:2001569:15] ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection [**] [Classification: Misc activity] [Priority: 3] {TCP} 172.16.156.130:50996 -> 10.128.0.243:445
04/14/2017-17:31:17.183525  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.128.0.243:445 -> 172.16.156.130:50974
04/14/2017-17:31:17.302534  [**] [1:2024297:2] ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 172.16.156.130:50974 -> 10.128.0.243:445
04/14/2017-17:31:32.372713  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.128.0.243:445 -> 172.16.156.130:50974


suricata-4.0.0-etopen-all-perf.txt-2019-05-22-T-13-17-14-05162019.1504-eternalblue.pcap.txt - (15062 bytes) - download
  --------------------------------------------------------------------------
  Date: 5/22/2019 -- 13:17:14. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2018063      1        3        1899578      4.36   15       0        572527      126638.53   0.00        126638.53  
  2        2018062      1        2        2012690      4.62   15       0        367941      134179.33   0.00        134179.33  
  3        2018061      1        2        1622040      3.73   14       0        346762      115860.00   0.00        115860.00  
  4        2018068      1        2        1762753      4.05   15       0        336504      117516.87   0.00        117516.87  
  5        2018067      1        3        1885211      4.33   14       0        335349      134657.93   0.00        134657.93  
  6        2018060      1        2        1764992      4.05   16       0        330986      110312.00   0.00        110312.00  
  7        2018064      1        2        1612603      3.70   17       0        324793      94859.00    0.00        94859.00   
  8        2018059      1        2        2096900      4.82   94       0        313727      22307.45    0.00        22307.45   
  9        2018065      1        2        1619481      3.72   15       0        306131      107965.40   0.00        107965.40  
  10       2018066      1        2        1941684      4.46   19       0        298388      102193.89   0.00        102193.89  
  11       2102471      1        12       231676       0.53   6        0        121504      38612.67    0.00        38612.67   
  12       2024217      1        2        1366361      3.14   80       9        104993      17079.51    57635.11    11938.66   
  13       2103024      1        3        224786       0.52   6        0        83773       37464.33    0.00        37464.33   
  14       2103003      1        7        558107       1.28   18       0        81096       31005.94    0.00        31005.94   
  15       2102383      1        21       536217       1.23   18       0        80085       29789.83    0.00        29789.83   
  16       2017935      1        3        1153669      2.65   370      0        68319       3118.02     0.00        3118.02    
  17       2024218      1        2        252324       0.58   9        3        67444       28036.00    26520.67    28793.67   
  18       2012084      1        2        529161       1.22   18       0        62335       29397.83    0.00        29397.83   
  19       2008307      1        3        458669       1.05   147      0        60186       3120.20     0.00        3120.20    
  20       2102402      1        6        395885       0.91   18       0        55513       21993.61    0.00        21993.61   
  21       2024220      1        2        320797       0.74   12       6        54529       26733.08    39005.50    14460.67   
  22       2012094      1        2        350782       0.81   12       0        52826       29231.83    0.00        29231.83   
  23       2001569      1        15       1257073      2.89   78       78       50698       16116.32    16116.32    0.00       
  24       2102466      1        9        218000       0.50   6        3        50521       36333.33    47848.00    24818.67   
  25       2102472      1        11       213927       0.49   6        0        49821       35654.50    0.00        35654.50   
  26       2024216      1        1        401331       0.92   26       1        48939       15435.81    48939.00    14095.68   
  27       2024430      1        3        1007772      2.31   80       0        48622       12597.15    0.00        12597.15   
  28       2017944      1        5        1075200      2.47   69       0        46756       15582.61    0.00        15582.61   
  29       2102955      1        4        220189       0.51   6        0        44059       36698.17    0.00        36698.17   
  30       2102190      1        5        601055       1.38   207      0        42424       2903.65     0.00        2903.65    
  31       2025090      1        1        192101       0.44   6        3        41835       32016.83    39643.00    24390.67   
  32       2103035      1        9        334782       0.77   109      0        40619       3071.39     0.00        3071.39    
  33       2103022      1        4        158892       0.36   6        0        40137       26482.00    0.00        26482.00   
  34       2103159      1        4        293273       0.67   87       0        40056       3370.95     0.00        3370.95    
  35       2102511      1        10       369319       0.85   109      0        39132       3388.25     0.00        3388.25    
  36       2024774      1        2        807544       1.85   276      0        38092       2925.88     0.00        2925.88    
  37       2102979      1        4        166036       0.38   6        0        36900       27672.67    0.00        27672.67   
  38       2015986      1        5        837550       1.92   294      0        33727       2848.81     0.00        2848.81    
  39       2009387      1        4        278717       0.64   80       0        33027       3483.96     0.00        3483.96    
  40       2025018      1        2        219713       0.50   72       0        32840       3051.57     0.00        3051.57    
  41       2103056      1        5        183479       0.42   12       0        30060       15289.92    0.00        15289.92   
  42       2103032      1        5        153319       0.35   6        0        29369       25553.17    0.00        25553.17   
  43       2102468      1        9        135902       0.31   6        0        28822       22650.33    0.00        22650.33   
  44       2100327      1        10       219948       0.51   69       0        26356       3187.65     0.00        3187.65    
  45       2103040      1        5        146627       0.34   6        0        26298       24437.83    0.00        24437.83   
  46       2103048      1        5        164683       0.38   12       0        26004       13723.58    0.00        13723.58   
  47       2103038      1        5        135277       0.31   6        0        25659       22546.17    0.00        22546.17   
  48       2103030      1        5        133686       0.31   6        0        24980       22281.00    0.00        22281.00   
  49       2103046      1        5        149714       0.34   12       0        24751       12476.17    0.00        12476.17   
  50       2024219      1        1        868442       1.99   82       0        24631       10590.76    0.00        10590.76   
  51       2103054      1        5        148280       0.34   12       0        24527       12356.67    0.00        12356.67   
  52       2103002      1        5        330108       0.76   109      0        24065       3028.51     0.00        3028.51    
  53       2102523      1        8        239394       0.55   78       0        22489       3069.15     0.00        3069.15    
  54       2025019      1        1        377379       0.87   138      0        22263       2734.63     0.00        2734.63    
  55       2103001      1        5        319181       0.73   109      0        21368       2928.27     0.00        2928.27    
  56       2003089      1        4        218781       0.50   69       0        20863       3170.74     0.00        3170.74    
  57       2024297      1        2        58176        0.13   3        3        20786       19392.00    19392.00    0.00       
  58       2103029      1        6        312446       0.72   109      0        20017       2866.48     0.00        2866.48    
  59       2001330      1        8        98330        0.23   27       0        19123       3641.85     0.00        3641.85    
  60       2103239      1        4        198560       0.46   69       0        17668       2877.68     0.00        2877.68    
  61       2014958      1        1        216379       0.50   18       0        16437       12021.06    0.00        12021.06   
  62       2014956      1        1        217613       0.50   18       0        16045       12089.61    0.00        12089.61   
  63       2008306      1        3        467850       1.07   168      0        15970       2784.82     0.00        2784.82    
  64       2018558      1        5        813110       1.87   300      0        15708       2710.37     0.00        2710.37    
  65       2103018      1        5        30034        0.07   6        0        15382       5005.67     0.00        5005.67    
  66       2103027      1        6        309652       0.71   109      0        15382       2840.84     0.00        2840.84    
  67       2103158      1        6        860973       1.98   321      0        10009       2682.16     0.00        2682.16    
  68       2022546      1        1        58930        0.14   18       0        8862        3273.89     0.00        3273.89    
  69       2101229      1        8        14671        0.03   4        0        4362        3667.75     0.00        3667.75    
  70       2102523      1        8        232938       0.54   78       0        4334        2986.38     0.00        2986.38    
  71       2022547      1        1        84114        0.19   28       0        4093        3004.07     0.00        3004.07    
  72       2021976      1        2        53452        0.12   18       0        4052        2969.56     0.00        2969.56    
  73       2102103      1        10       37016        0.09   12       0        3890        3084.67     0.00        3084.67    
  74       2101919      1        24       14208        0.03   4        0        3841        3552.00     0.00        3552.00    
  75       2024777      1        2        28230        0.06   9        0        3829        3136.67     0.00        3136.67    
  76       2100538      1        17       18814        0.04   6        0        3787        3135.67     0.00        3135.67    
  77       2100536      1        13       18115        0.04   6        0        3770        3019.17     0.00        3019.17    
  78       2103019      1        5        295856       0.68   109      0        3724        2714.28     0.00        2714.28    
  79       2103036      1        5        17965        0.04   6        0        3715        2994.17     0.00        2994.17    
  80       2103238      1        4        210687       0.48   79       0        3636        2666.92     0.00        2666.92    
  81       2102401      1        5        53223        0.12   18       0        3610        2956.83     0.00        2956.83    
  82       2008297      1        5        31744        0.07   10       0        3573        3174.40     0.00        3174.40    
  83       2103042      1        5        34201        0.08   12       0        3570        2850.08     0.00        2850.08    
  84       2101672      1        12       12835        0.03   4        0        3553        3208.75     0.00        3208.75    
  85       2102470      1        12       17585        0.04   6        0        3501        2930.83     0.00        2930.83    
  86       2103052      1        5        34367        0.08   12       0        3483        2863.92     0.00        2863.92    
  87       2101973      1        11       17336        0.04   6        0        3465        2889.33     0.00        2889.33    
  88       2100533      1        17       18242        0.04   6        0        3446        3040.33     0.00        3040.33    
  89       2103044      1        6        33647        0.08   12       0        3444        2803.92     0.00        2803.92    
  90       2008303      1        3        34688        0.08   12       0        3437        2890.67     0.00        2890.67    
  91       2018291      1        1        150843       0.35   57       0        3435        2646.37     0.00        2646.37    
  92       2008302      1        3        358056       0.82   138      0        3418        2594.61     0.00        2594.61    
  93       2018283      1        5        30727        0.07   10       0        3367        3072.70     0.00        3072.70    
  94       2018281      1        4        231299       0.53   87       0        3343        2658.61     0.00        2658.61    
  95       2024435      1        1        180049       0.41   69       0        3312        2609.41     0.00        2609.41    
  96       2021977      1        6        29785        0.07   10       0        3284        2978.50     0.00        2978.50    
  97       2101904      1        8        3269         0.01   1        0        3269        3269.00     0.00        3269.00    
  98       2101621      1        12       12821        0.03   4        0        3264        3205.25     0.00        3205.25    
  99       2021149      1        1        177251       0.41   69       0        3244        2568.86     0.00        2568.86    
  100      2021978      1        6        47724        0.11   18       0        3223        2651.33     0.00        2651.33    
  101      2103050      1        5        33726        0.08   12       0        3218        2810.50     0.00        2810.50    
  102      2103020      1        5        17546        0.04   6        0        3207        2924.33     0.00        2924.33    
  103      2103028      1        5        17310        0.04   6        0        3136        2885.00     0.00        2885.00    
  104      2102391      1        11       3113         0.01   1        0        3113        3113.00     0.00        3113.00    
  105      2024778      1        1        34175        0.08   12       0        3056        2847.92     0.00        2847.92    
  106      2103026      1        5        17022        0.04   6        0        3049        2837.00     0.00        2837.00    
  107      2101976      1        10       8480         0.02   3        0        3010        2826.67     0.00        2826.67    
  108      2101634      1        15       3006         0.01   1        0        3006        3006.00     0.00        3006.00    
  109      2102373      1        5        2999         0.01   1        0        2999        2999.00     0.00        2999.00    
  110      2103058      1        2        2997         0.01   1        0        2997        2997.00     0.00        2997.00    
  111      2103034      1        5        16631        0.04   6        0        2995        2771.83     0.00        2771.83    
  112      2101972      1        18       2960         0.01   1        0        2960        2960.00     0.00        2960.00    
  113      2014130      1        2        23363        0.05   9        0        2678        2595.89     0.00        2595.89    
  114      2008021      1        3        2586         0.01   1        0        2586        2586.00     0.00        2586.00    


IDSDeathBlossom.py.log - (1154 bytes) - download
2019-05-22 13:17:05,066 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-22 13:17:05,826 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-22 13:17:05,826 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-05-22 13:17:05,827 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-22 13:17:05,827 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-22 13:17:05,827 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/4056e7e10cebd32c99d694f6a6a649f3d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/05162019.1504-eternalblue.pcap -vvv -k none
2019-05-22 13:17:14,140 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-22 13:17:14,141 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 9.08326196671