Filename: 2018-09-03-Emotet-infection-with-Zeus-Panda-Banker.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 22.2256770134 seconds
Hash: 560df9b3a597a990e249acc0ea9c1710
Uploaded: 1548679932

Logfiles


suricata-4.0.0-etpro-all-perf.txt-2019-01-28-T-12-52-34-01282019.1252-2018-09-03-Emotet-infection-with-Zeus-Panda-Banker.pcap.txt - (68566 bytes)
  --------------------------------------------------------------------------
  Date: 1/28/2019 -- 12:52:34. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2019881      1        3        8082653      2.68   20       0        7264345     404132.65   0.00        404132.65  
  2        2009897      1        14       6725559      2.23   4        0        6599734     1681389.75  0.00        1681389.75 
  3        2017748      1        6        6263094      2.08   68       0        5929792     92104.32    0.00        92104.32   
  4        2820158      1        2        15925004     5.28   92       0        513796      173097.87   0.00        173097.87  
  5        2820157      1        2        15458320     5.12   92       0        469832      168025.22   0.00        168025.22  
  6        2018496      1        9        998419       0.33   20       0        412710      49920.95    0.00        49920.95   
  7        2816931      1        3        1004027      0.33   21       0        412335      47810.81    0.00        47810.81   
  8        2024178      1        2        850946       0.28   20       0        407219      42547.30    0.00        42547.30   
  9        2824408      1        2        904123       0.30   21       0        404034      43053.48    0.00        43053.48   
  10       2024829      1        2        3444332      1.14   153      0        402049      22511.97    0.00        22511.97   
  11       2809148      1        2        395133       0.13   1        0        395133      395133.00   0.00        395133.00  
  12       2819664      1        2        24493418     8.12   160      0        357102      153083.86   0.00        153083.86  
  13       2020865      1        3        10056969     3.33   74       0        320836      135904.99   0.00        135904.99  
  14       2819930      1        2        24288120     8.05   160      0        309019      151800.75   0.00        151800.75  
  15       2809149      1        2        295922       0.10   1        0        295922      295922.00   0.00        295922.00  
  16       2019613      1        3        245201       0.08   1        1        245201      245201.00   245201.00   0.00       
  17       2019837      1        3        244923       0.08   2        1        241930      122461.50   241930.00   2993.00    
  18       2024769      1        2        225577       0.07   1        0        225577      225577.00   0.00        225577.00  
  19       2012520      1        7        221201       0.07   1        1        221201      221201.00   221201.00   0.00       
  20       2819940      1        3        803484       0.27   6        0        158524      133914.00   0.00        133914.00  
  21       2816510      1        3        791242       0.26   6        0        158358      131873.67   0.00        131873.67  
  22       2827580      1        7        360319       0.12   3        3        146546      120106.33   120106.33   0.00       
  23       2820933      1        2        5520827      1.83   70       0        144205      78868.96    0.00        78868.96   
  24       2016858      1        10       673814       0.22   20       0        142432      33690.70    0.00        33690.70   
  25       2814978      1        2        4659257      1.54   71       0        136180      65623.34    0.00        65623.34   
  26       2016537      1        2        10183462     3.38   707      2        130040      14403.77    93902.00    14178.24   
  27       2023476      1        5        5672755      1.88   70       0        125449      81039.36    0.00        81039.36   
  28       2022627      1        12       5239895      1.74   70       0        125215      74855.64    0.00        74855.64   
  29       2820895      1        2        5597466      1.86   70       0        121050      79963.80    0.00        79963.80   
  30       2018342      1        2        117052       0.04   1        0        117052      117052.00   0.00        117052.00  
  31       2801929      1        7        355408       0.12   20       0        116157      17770.40    0.00        17770.40   
  32       2828008      1        2        608797       0.20   21       3        113976      28990.33    99602.67    17221.61   
  33       2801930      1        7        338987       0.11   20       0        111746      16949.35    0.00        16949.35   
  34       2829607      1        1        108670       0.04   1        1        108670      108670.00   108670.00   0.00       
  35       2830701      1        1        272753       0.09   16       0        106365      17047.06    0.00        17047.06   
  36       2022535      1        11       5131830      1.70   70       0        106242      73311.86    0.00        73311.86   
  37       2822213      1        2        3802645      1.26   71       0        105614      53558.38    0.00        53558.38   
  38       2803027      1        6        208393       0.07   21       0        105177      9923.48     0.00        9923.48    
  39       2023315      1        2        826547       0.27   20       0        105002      41327.35    0.00        41327.35   
  40       2802987      1        5        535707       0.18   31       0        101759      17280.87    0.00        17280.87   
  41       2802991      1        5        225576       0.07   16       0        101701      14098.50    0.00        14098.50   
  42       2022503      1        2        770622       0.26   20       0        101621      38531.10    0.00        38531.10   
  43       2814979      1        2        4529599      1.50   71       0        100250      63797.17    0.00        63797.17   
  44       2018982      1        2        255216       0.08   4        0        99871       63804.00    0.00        63804.00   
  45       2805985      1        2        266072       0.09   4        0        99559       66518.00    0.00        66518.00   
  46       2019693      1        5        638652       0.21   20       0        99433       31932.60    0.00        31932.60   
  47       2020569      1        1        259903       0.09   4        0        99395       64975.75    0.00        64975.75   
  48       2807400      1        3        255336       0.08   4        0        97500       63834.00    0.00        63834.00   
  49       2808234      1        1        290768       0.10   4        0        96924       72692.00    0.00        72692.00   
  50       2816910      1        2        1282211      0.43   21       0        96837       61057.67    0.00        61057.67   
  51       2022552      1        2        2149258      0.71   102      0        96657       21071.16    0.00        21071.16   
  52       2018358      1        7        1658150      0.55   20       3        96611       82907.50    87056.33    82175.35   
  53       2022050      1        3        243842       0.08   4        0        95412       60960.50    0.00        60960.50   
  54       2804927      1        2        154326       0.05   23       0        91974       6709.83     0.00        6709.83    
  55       2017613      1        9        665597       0.22   20       0        88483       33279.85    0.00        33279.85   
  56       2823166      1        3        219035       0.07   4        0        87943       54758.75    0.00        54758.75   
  57       2018958      1        18       918838       0.30   20       0        87345       45941.90    0.00        45941.90   
  58       2012970      1        2        118647       0.04   2        0        84513       59323.50    0.00        59323.50   
  59       2025064      1        5        842196       0.28   21       0        83636       40104.57    0.00        40104.57   
  60       2816909      1        2        1291687      0.43   21       0        82588       61508.90    0.00        61508.90   
  61       2804906      1        3        317140       0.11   21       0        82443       15101.90    0.00        15101.90   
  62       2020388      1        8        745949       0.25   21       0        80384       35521.38    0.00        35521.38   
  63       2816940      1        2        1162666      0.39   21       0        80345       55365.05    0.00        55365.05   
  64       2803657      1        5        166099       0.06   28       0        79483       5932.11     0.00        5932.11    
  65       2824778      1        2        147277       0.05   4        0        77304       36819.25    0.00        36819.25   
  66       2018959      1        3        97035        0.03   8        1        75943       12129.38    75943.00    3013.14    
  67       2021749      1        6        75320        0.02   1        0        75320       75320.00    0.00        75320.00   
  68       2021312      1        2        193023       0.06   8        0        74746       24127.88    0.00        24127.88   
  69       2023711      1        2        108062       0.04   8        0        74468       13507.75    0.00        13507.75   
  70       2827279      1        5        453220       0.15   21       0        73618       21581.90    0.00        21581.90   
  71       2018005      1        6        3145884      1.04   71       0        73023       44308.23    0.00        44308.23   
  72       2022201      1        2        220290       0.07   6        0        72922       36715.00    0.00        36715.00   
  73       2008575      1        5        812170       0.27   67       0        70546       12121.94    0.00        12121.94   
  74       2811447      1        2        1390403      0.46   43       0        69294       32334.95    0.00        32334.95   
  75       2806802      1        2        6119353      2.03   303      0        68910       20195.88    0.00        20195.88   
  76       2018241      1        2        91749        0.03   8        0        68446       11468.62    0.00        11468.62   
  77       2020380      1        3        491681       0.16   20       0        68225       24584.05    0.00        24584.05   
  78       2810276      1        6        67789        0.02   1        0        67789       67789.00    0.00        67789.00   
  79       2816327      1        4        783959       0.26   21       0        67415       37331.38    0.00        37331.38   
  80       2019344      1        5        1002246      0.33   20       1        66653       50112.30    56524.00    49774.84   
  81       2816525      1        10       734497       0.24   21       0        66050       34976.05    0.00        34976.05   
  82       2804907      1        3        154135       0.05   27       0        65807       5708.70     0.00        5708.70    
  83       2020470      1        6        182049       0.06   6        0        62289       30341.50    0.00        30341.50   
  84       2812916      1        6        612904       0.20   20       0        61950       30645.20    0.00        30645.20   
  85       2018981      1        4        588589       0.20   20       0        61208       29429.45    0.00        29429.45   
  86       2828122      1        2        587509       0.19   20       0        60696       29375.45    0.00        29375.45   
  87       2820851      1        5        834358       0.28   21       0        59296       39731.33    0.00        39731.33   
  88       2021413      1        2        58571        0.02   1        0        58571       58571.00    0.00        58571.00   
  89       2012707      1        5        478031       0.16   19       0        58539       25159.53    0.00        25159.53   
  90       2020705      1        4        479096       0.16   20       0        58480       23954.80    0.00        23954.80   
  91       2023916      1        2        136417       0.05   4        0        57796       34104.25    0.00        34104.25   
  92       2024767      1        2        645277       0.21   20       0        57206       32263.85    0.00        32263.85   
  93       2022339      1        2        857481       0.28   20       0        57103       42874.05    0.00        42874.05   
  94       2821615      1        2        655208       0.22   21       0        57067       31200.38    0.00        31200.38   
  95       2805260      1        4        452659       0.15   20       0        56798       22632.95    0.00        22632.95   
  96       2825353      1        4        2082423      0.69   70       70       56747       29748.90    29748.90    0.00       
  97       2816930      1        4        609207       0.20   21       0        56248       29009.86    0.00        29009.86   
  98       2018452      1        15       744081       0.25   20       0        56095       37204.05    0.00        37204.05   
  99       2020825      1        6        176071       0.06   6        0        55870       29345.17    0.00        29345.17   
  100      2826256      1        2        559134       0.19   23       0        55727       24310.17    0.00        24310.17   
  101      2809363      1        3        55707        0.02   1        0        55707       55707.00    0.00        55707.00   
  102      2815817      1        5        647616       0.21   21       0        55293       30838.86    0.00        30838.86   
  103      2816929      1        4        629334       0.21   21       0        55047       29968.29    0.00        29968.29   
  104      2816928      1        3        602476       0.20   21       0        54924       28689.33    0.00        28689.33   
  105      2816165      1        5        802322       0.27   23       0        54831       34883.57    0.00        34883.57   
  106      2823537      1        2        2506960      0.83   70       0        54800       35813.71    0.00        35813.71   
  107      2022049      1        3        494537       0.16   23       0        54682       21501.61    0.00        21501.61   
  108      2820031      1        2        592260       0.20   20       0        54141       29613.00    0.00        29613.00   
  109      2023670      1        3        746937       0.25   20       4        54097       37346.85    42110.00    36156.06   
  110      2810481      1        4        1429532      0.47   68       0        53321       21022.53    0.00        21022.53   
  111      2811740      1        2        52851        0.02   1        0        52851       52851.00    0.00        52851.00   
  112      2816922      1        5        621667       0.21   21       0        52767       29603.19    0.00        29603.19   
  113      2013352      1        4        74765        0.02   8        0        52448       9345.62     0.00        9345.62    
  114      2816526      1        13       630890       0.21   21       0        51768       30042.38    0.00        30042.38   
  115      2024771      1        1        210703       0.07   18       0        51641       11705.72    0.00        11705.72   
  116      2816925      1        3        595547       0.20   21       0        51488       28359.38    0.00        28359.38   
  117      2023875      1        2        663503       0.22   23       0        51125       28847.96    0.00        28847.96   
  118      2821561      1        2        740370       0.25   20       0        50939       37018.50    0.00        37018.50   
  119      2816669      1        4        483723       0.16   20       0        50630       24186.15    0.00        24186.15   
  120      2024601      1        2        50409        0.02   1        0        50409       50409.00    0.00        50409.00   
  121      2022198      1        2        78477        0.03   2        0        49823       39238.50    0.00        39238.50   
  122      2018242      1        5        726365       0.24   20       0        49469       36318.25    0.00        36318.25   
  123      2821839      1        2        49435        0.02   1        0        49435       49435.00    0.00        49435.00   
  124      2021073      1        2        155039       0.05   4        4        48891       38759.75    38759.75    0.00       
  125      2810353      1        5        7

This file has been truncated.


unified2.alert.1548679951 - (111503 bytes)
[binary unified2 alert records, not shown]

This file has been truncated.


packet_stats.log - (13028 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          5101          1795136     1052701156     729643558       3721.9b   99.89
 IPv4      17            10         20307620      982822663     427382883          4.3b    0.11
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          5101            65814       13076034        240582          1.2b   93.89
TMM_FLOWWORKER              IPv4      17            10           324979       10094768       1427275         14.3m    1.09
TMM_RECEIVEPCAPFILE         IPv4       6          5013             2529       15908057         10138         50.8m    3.89
TMM_RECEIVEPCAPFILE         IPv4      17            10             2681          10396          3654         36.5k    0.00
TMM_DECODEPCAPFILE          IPv4       6          5013             2645          38962          2917         14.6m    1.12
TMM_DECODEPCAPFILE          IPv4      17            10             2912          32542          6510         65.1k    0.00

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          5013             2806        4993851          4363         21.9m  1.92  
flow                    IPv4      17            10             3105          13169          5126         51.3k  0.00  
stream                  IPv4       6          5101             2573        4542119         11458         58.5m  5.14  
app-layer               IPv4      17            10            11588          48696         20904        209.0k  0.02  
detect                  IPv4       6          5101            44277       13038898        203368          1.0b  91.16 
detect                  IPv4      17            10           251545         846339        415933          4.2m  0.37  
tcp-prune               IPv4       6          5101             2536         137394          3112         15.9m  1.39  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            29             3200          29052          8729        253.2k  32.72 
tls                     IPv4       6           140             2676          21618          3211        449.6k  58.11 
dns                     IPv4      17            10             5787          10676          7099         71.0k  9.18  
Proto detect            IPv4       6             6             2697          20544          7149         42.9k
Proto detect            IPv4      17            10             6745          28426         12364        123.6k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6            75            14187         106708         27197          2.0m  7.47  
LOGGER_UNIFIED2             IPv4       6            75            19714         216731         40301          3.0m  11.07 
LOGGER_JSON_ALERT           IPv4       6            75            37519         148904         56598          4.2m  15.55 
LOGGER_JSON_DNS             IPv4      17            10            36596        9157914        966184          9.7m  35.39 
LOGGER_JSON_HTTP            IPv4       6            23            37261         266428        111884          2.6m  9.43  
LOGGER_JSON_TLS             IPv4       6            71            33871         129514         54793          3.9m  14.25 
LOGGER_JSON_FILE            IPv4       6            23            47493         161687         81136          1.9m  6.84  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          1419             2569       12891398         41050        58.3m  20.53 
payload                           IPv4      17            10            22616         135331         47962       479.6k  0.17  
stream                            IPv4       6          1419             2538         793192         48031        68.2m  24.02 
http_uri                          IPv4       6            23             3249          63459         10129       233.0k  0.08  
http_request_line                 IPv4       6            23             3958          20356          6790       156.2k  0.06  
http_client_body                  IPv4       6            23             2853          55737          8895       204.6k  0.07  
http_header (request)             IPv4       6            23             9442         184432         77862         1.8m  0.63  
http_header (request trailer)     IPv4       6            23             2658           3732          2838        65.3k  0.02  
http_header_names (request)       IPv4       6            23             7816          65190         20373       468.6k  0.17  
http_accept (request)             IPv4       6            23             3170          24688          5509       126.7k  0.04  
http_referer (request)            IPv4       6            23             2774           4415          3237        74.5k  0.03  
http_content_len (request)        IPv4       6            23             2966          10659          3854        88.7k  0.03  
http_content_type (request)       IPv4       6            23             2770           4176          3408        78.4k  0.03  
http_protocol (request)           IPv4       6            23             3490           7032          5046       116.1k  0.04  
http_start (request)              IPv4       6            23             7167          52099         17498       402.5k  0.14  
http_raw_header (request)         IPv4       6            23             6466          35338         19276       443.4k  0.16  
http_method                       IPv4       6            23             3726          20410          6709       154.3k  0.05  
http_cookie (request)             IPv4       6            23             2981          33618         13223       304.1k  0.11  
http_raw_uri                      IPv4       6            23             2662           9528          3595        82.7k  0.03  
http_user_agent                   IPv4       6            23             2896         154680         42846       985.5k  0.35  
http_host                         IPv4       6            23             3148          12558          4721       108.6k  0.04  
dns_query                         IPv4      17             5             7535          35546         17227        86.1k  0.03  
tls_sni                           IPv4       6            72             3249          32638          4847       349.0k  0.12  
http_response_line                IPv4       6            20             3524          38026         10421       208.4k  0.07  
http_header (response)            IPv4       6            20             8198         152173         46937       938.7k  0.33  
http_header (response trailer)    IPv4       6            17             2575         101118         10294       175.0k  0.06  
http_content_type (response)      IPv4       6            20             3479          13116          8224       164.5k  0.06  
http_raw_header (response)        IPv4       6           744             3472          31106          4366         3.2m  1.14  
http_cookie (response)            IPv4       6            20             2822          17095          3945        78.9k  0.03  
http_stat_code                    IPv4       6            20             2780           5294          3900        78.0k  0.03  
tls_cert_issuer                   IPv4       6            71             3426          19813          4832       343.1k  0.12  
tls_cert_subject                  IPv4       6            71             4148          30073          7135       506.6k  0.18  
tls_cert_serial                   IPv4       6            71             3188          18874          4080       289.7k  0.10  
file_data (http response)         IPv4       6           727             2580        1690820        198800       144.5m  50.93 
Total                             IPv4                  5140                                         55207       283.8m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6           186             3929         129704         32856          6.1m  0.45  
PROF_DETECT_IPONLY          IPv4      17            10            37417         120248         54388        543.9k  0.04  
PROF_DETECT_RULES           IPv4       6          5101             2520       10273331         71770        366.1m  27.00 
PROF_DETECT_RULES           IPv4      17            10           104654         400679        206479          2.1m  0.15  
PROF_DETECT_STATEFUL_START    IPv4       6          1316             5099        2275008        102304        134.6m  9.93  
PROF_DETECT_STATEFUL_CONT    IPv4       6          5101             2518          83272          6528         33.3m  2.46  
PROF_DETECT_STATEFUL_CONT    IPv4      17            10             5717          78033         13615        136.2k  0.01  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          4645             2540          41668          2800         13.0m  0.96  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            10             2709           3131          2916         29.2k  0.00  
PROF_DETECT_PREFILTER       IPv4       6          5101             7669       12955083         77134        393.5m  29.02 
PROF_DETECT_PREFILTER       IPv4      17            10            46261         173419         88388        883.9k  0.07  
PROF_DETECT_PF_PAYLOAD      IPv4       6          1419            13297       12904485         97337        138.1m  10.19 
PROF_DETECT_PF_PAYLOAD      IPv4      17            10            27960         140589         53232        532.3k  0.04  
PROF_DETECT_PF_TX           IPv4       6          4645             2547        1704579         38199        177.4m  13.09 
PROF_DETECT_PF_TX           IPv4      17             5            13593          41711         23118        115.6k  0.01  
PROF_DETECT_PF_SORT1        IPv4       6          1334             2525          39557          3506          4.7m  0.34  
PROF_DETECT_PF_SORT1        IPv4      17            10             3301           4087          3727         37.3k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6          5101             2508          78848          2930         14.9m  1.10  
PROF_DETECT_PF_SORT2        IPv4      17            10             3114          30907          7442         74.4k  0.01  
PROF_DETECT_NONMPMLIST      IPv4       6          5101             2524          46179          3028         15.4m  1.14  
PROF_DETECT_NONMPMLIST      IPv4      17            10             2919           3844          3228         32.3k  0.00  
PROF_DETECT_ALERT           IPv4       6          5101             2511          79041          2897         14.8m  1.09  
PROF_DETECT_ALERT           IPv4      17            10             2528          10662          3605         36.1k  0.00  
PROF_DETECT_CLEANUP         IPv4       6          5101             2546        6157202          4504         23.0m  1.69  
PROF_DETECT_CLEANUP         IPv4      17            10             3041           6375          3926         39.3k  0.00  
PROF_DETECT_GETSGH          IPv4       6          5101             2512          85928          3221         16.4m  1.21  
PROF_DETECT_GETSGH          IPv4      17            10             5901          10423          6858         68.6k  0.01  


suricata-4.0.0-etpro-all-alert-2019-01-28-T-12-52-34-01282019.1252-2018-09-03-Emotet-infection-with-Zeus-Panda-Banker.pcap.txt - (18582 bytes)
09/03/2018-17:29:07.388997  [**] [1:2019837:3] ET WEB_CLIENT SUSPICIOUS Possible Office Doc with Embedded VBA Project (Wide) [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 94.73.151.140:80 -> 10.9.3.102:52301
09/03/2018-17:29:07.388997  [**] [1:2019613:3] ET POLICY Office Document Download Containing AutoOpen Macro [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 94.73.151.140:80 -> 10.9.3.102:52301
09/03/2018-17:29:40.585921  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 162.221.188.251:80 -> 10.9.3.102:52302
09/03/2018-17:29:40.585921  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 162.221.188.251:80 -> 10.9.3.102:52302
09/03/2018-17:29:40.585921  [**] [1:2014520:6] ET INFO EXE - Served Attached HTTP [**] [Classification: Misc activity] [Priority: 3] {TCP} 162.221.188.251:80 -> 10.9.3.102:52302
09/03/2018-17:39:12.249203  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52310
09/03/2018-17:39:12.838779  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52311
09/03/2018-17:39:14.623383  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52312
09/03/2018-17:39:15.207566  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52313
09/03/2018-17:45:27.109345  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52322
09/03/2018-17:45:27.736609  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52323
09/03/2018-17:45:30.786845  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52324
09/03/2018-17:45:31.396290  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52325
09/03/2018-17:49:11.730870  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52327
09/03/2018-17:49:12.289177  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52328
09/03/2018-17:50:35.655734  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52329
09/03/2018-17:50:37.492581  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52330
09/03/2018-17:50:38.937507  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52331
09/03/2018-17:50:39.541823  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52332
09/03/2018-17:54:24.850811  [**] [1:2827580:7] ETPRO TROJAN W32/Emotet.v4 Checkin 2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.9.3.102:52338 -> 73.125.45.48:80
09/03/2018-17:54:24.850811  [**] [1:2828008:2] ETPRO TROJAN W32/Emotet.v4 Checkin 3 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.9.3.102:52338 -> 73.125.45.48:80
09/03/2018-17:54:24.850811  [**] [1:2018358:7] ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.9.3.102:52338 -> 73.125.45.48:80
09/03/2018-17:54:27.519686  [**] [1:2827580:7] ETPRO TROJAN W32/Emotet.v4 Checkin 2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.9.3.102:52338 -> 73.125.45.48:80
09/03/2018-17:54:27.519686  [**] [1:2828008:2] ETPRO TROJAN W32/Emotet.v4 Checkin 3 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.9.3.102:52338 -> 73.125.45.48:80
09/03/2018-17:54:27.519686  [**] [1:2018358:7] ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.9.3.102:52338 -> 73.125.45.48:80
09/03/2018-17:54:28.142180  [**] [1:2827580:7] ETPRO TROJAN W32/Emotet.v4 Checkin 2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.9.3.102:52339 -> 73.125.45.48:80
09/03/2018-17:54:28.142180  [**] [1:2828008:2] ETPRO TROJAN W32/Emotet.v4 Checkin 3 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.9.3.102:52339 -> 73.125.45.48:80
09/03/2018-17:54:28.142180  [**] [1:2018358:7] ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.9.3.102:52339 -> 73.125.45.48:80
09/03/2018-17:55:42.274556  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52340
09/03/2018-17:55:44.110022  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52341
09/03/2018-17:55:46.645237  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52342
09/03/2018-17:55:47.415326  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52343
09/03/2018-17:59:14.221966  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52345
09/03/2018-17:59:15.181742  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52346
09/03/2018-18:00:50.544780  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52347
09/03/2018-18:00:51.791982  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52348
09/03/2018-18:00:53.915992  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52349
09/03/2018-18:00:54.511933  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52350
09/03/2018-18:05:56.433966  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52351
09/03/2018-18:05:57.020315  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52352
09/03/2018-18:05:58.430682  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52353
09/03/2018-18:05:58.984424  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52354
09/03/2018-18:09:11.045599  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52356
09/03/2018-18:09:13.786091  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52357
09/03/2018-18:09:15.222013  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52358
09/03/2018-18:09:16.093948  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52359
09/03/2018-18:09:17.056599  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52360
09/03/2018-18:09:17.833336  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52361
09/03/2018-18:09:33.066939  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52363
09/03/2018-18:09:34.273270  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52364
09/03/2018-18:09:40.489926  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52366
09/03/2018-18:09:41.079777  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52367
09/03/2018-18:11:00.316144  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52369
09/03/2018-18:11:00.877253  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52370
09/03/2018-18:11:02.762629  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52371
09/03/2018-18:11:03.331298  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52372
09/03/2018-18:11:49.162373  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52374
09/03/2018-18:11:52.028157  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52375
09/03/2018-18:12:35.878559  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52376
09/03/2018-18:12:36.442953  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52377
09/03/2018-18:13:04.154870  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52378
09/03/2018-18:13:04.793997  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52379
09/03/2018-18:13:07.963949  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52380
09/03/2018-18:13:09.513189  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52381
09/03/2018-18:16:04.698199  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52382
09/03/2018-18:16:05.437046  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52383
09/03/2018-18:16:08.995051  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52384
09/03/2018-18:16:09.645263  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52385
09/03/2018-18:19:19.943111  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52386
09/03/2018-18:19:20.497988  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52387
09/03/2018-18:21:11.203705  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52388
09/03/2018-18:21:11.787430  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52389
09/03/2018-18:21:13.228954  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52390
09/03/2018-18:21:13.851141  [**] [1:2825353:4] ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 178.132.7.107:443 -> 10.9.3.102:52391
09/03/2018-18:26:15.381184  [**] [1:282535

This file has been truncated.


stats.log - (3304 bytes)
------------------------------------------------------------------------------------
Date: 1/28/2019 -- 12:52:34 (uptime: 0d, 00h 00m 03s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 5023
decoder.bytes                              | Total                     | 4434325
decoder.ipv4                               | Total                     | 5023
decoder.ethernet                           | Total                     | 5023
decoder.tcp                                | Total                     | 5013
decoder.udp                                | Total                     | 10
decoder.avg_pkt_size                       | Total                     | 882
decoder.max_pkt_size                       | Total                     | 21974
flow.tcp                                   | Total                     | 93
flow.udp                                   | Total                     | 5
tcp.sessions                               | Total                     | 93
tcp.syn                                    | Total                     | 104
tcp.synack                                 | Total                     | 88
tcp.rst                                    | Total                     | 25
detect.alert                               | Total                     | 84
detect.mpm_list                            | Total                     | 2
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 2
app_layer.flow.http                        | Total                     | 14
app_layer.tx.http                          | Total                     | 23
app_layer.flow.tls                         | Total                     | 71
app_layer.flow.dns_udp                     | Total                     | 5
app_layer.tx.dns_udp                       | Total                     | 5
flow_mgr.closed_pruned                     | Total                     | 9
flow_mgr.new_pruned                        | Total                     | 5
flow_mgr.est_pruned                        | Total                     | 5
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 96
flow_mgr.flows_notimeout                   | Total                     | 5
flow_mgr.flows_timeout                     | Total                     | 91
flow_mgr.flows_timeout_inuse               | Total                     | 74
flow_mgr.flows_removed                     | Total                     | 17
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65441
flow_mgr.rows_maxlen                       | Total                     | 2
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7101952


eve.json - (88673 bytes)
{"timestamp":"2018-09-03T17:29:02.906471+0000","flow_id":1236389809018087,"pcap_cnt":1,"event_type":"dns","src_ip":"10.9.3.102","src_port":49923,"dest_ip":"10.9.3.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":55282,"rrname":"trendtrabzon.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-09-03T17:29:03.277805+0000","flow_id":1236389809018087,"pcap_cnt":2,"event_type":"dns","src_ip":"10.9.3.1","src_port":53,"dest_ip":"10.9.3.102","dest_port":49923,"proto":"UDP","dns":{"type":"answer","id":55282,"rcode":"NOERROR","rrname":"trendtrabzon.com","rrtype":"A","ttl":2713,"rdata":"94.73.151.140"}}
{"timestamp":"2018-09-03T17:29:07.388997+0000","flow_id":277583457379959,"pcap_cnt":30,"event_type":"alert","src_ip":"94.73.151.140","src_port":80,"dest_ip":"10.9.3.102","dest_port":52301,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2019837,"rev":3,"signature":"ET WEB_CLIENT SUSPICIOUS Possible Office Doc with Embedded VBA Project (Wide)","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2018-09-03T17:29:07.388997+0000","flow_id":277583457379959,"pcap_cnt":30,"event_type":"alert","src_ip":"94.73.151.140","src_port":80,"dest_ip":"10.9.3.102","dest_port":52301,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2019613,"rev":3,"signature":"ET POLICY Office Document Download Containing AutoOpen Macro","category":"Potential Corporate Privacy Violation","severity":1}}
{"timestamp":"2018-09-03T17:29:11.366334+0000","flow_id":277583457379959,"pcap_cnt":37,"event_type":"http","src_ip":"10.9.3.102","src_port":52301,"dest_ip":"94.73.151.140","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"trendtrabzon.com","url":"\/Payments\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"application\/msword"}}
{"timestamp":"2018-09-03T17:29:39.377225+0000","flow_id":1755700749648265,"pcap_cnt":39,"event_type":"dns","src_ip":"10.9.3.102","src_port":61058,"dest_ip":"10.9.3.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":30736,"rrname":"rtnbd24.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-09-03T17:29:39.456033+0000","flow_id":1755700749648265,"pcap_cnt":40,"event_type":"dns","src_ip":"10.9.3.1","src_port":53,"dest_ip":"10.9.3.102","dest_port":61058,"proto":"UDP","dns":{"type":"answer","id":30736,"rcode":"NOERROR","rrname":"rtnbd24.com","rrtype":"A","ttl":1383,"rdata":"162.221.188.251"}}
{"timestamp":"2018-09-03T17:29:39.745613+0000","flow_id":1909739751674118,"pcap_cnt":48,"event_type":"http","src_ip":"10.9.3.102","src_port":52302,"dest_ip":"162.221.188.251","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"rtnbd24.com","url":"\/JLbh1WGtMu","http_content_type":"text\/html"}}
{"timestamp":"2018-09-03T17:29:39.754496+0000","flow_id":1909739751674118,"pcap_cnt":50,"event_type":"fileinfo","src_ip":"162.221.188.251","src_port":80,"dest_ip":"10.9.3.102","dest_port":52302,"proto":"TCP","http":{"hostname":"rtnbd24.com","url":"\/JLbh1WGtMu","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":301,"redirect":"http:\/\/rtnbd24.com\/JLbh1WGtMu\/","length":1147},"app_proto":"http","fileinfo":{"filename":"\/JLbh1WGtMu","gaps":false,"state":"CLOSED","stored":false,"size":1147,"tx_id":0}}
{"timestamp":"2018-09-03T17:29:40.585921+0000","flow_id":1909739751674118,"pcap_cnt":71,"event_type":"alert","src_ip":"162.221.188.251","src_port":80,"dest_ip":"10.9.3.102","dest_port":52302,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2018959,"rev":3,"signature":"ET POLICY PE EXE or DLL Windows file download HTTP","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2018-09-03T17:29:40.585921+0000","flow_id":1909739751674118,"pcap_cnt":71,"event_type":"alert","src_ip":"162.221.188.251","src_port":80,"dest_ip":"10.9.3.102","dest_port":52302,"proto":"TCP","app_proto":"http","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2016538,"rev":3,"signature":"ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2018-09-03T17:29:40.585921+0000","flow_id":1909739751674118,"pcap_cnt":71,"event_type":"alert","src_ip":"162.221.188.251","src_port":80,"dest_ip":"10.9.3.102","dest_port":52302,"proto":"TCP","app_proto":"http","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2014520,"rev":6,"signature":"ET INFO EXE - Served Attached HTTP","category":"Misc activity","severity":3}}
{"timestamp":"2018-09-03T17:29:43.034348+0000","flow_id":1909739751674118,"pcap_cnt":165,"event_type":"http","src_ip":"10.9.3.102","src_port":52302,"dest_ip":"162.221.188.251","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"rtnbd24.com","url":"\/JLbh1WGtMu\/","http_content_type":"application\/octet-stream"}}
{"timestamp":"2018-09-03T17:35:19.011820+0000","flow_id":1361457132985437,"pcap_cnt":342,"event_type":"http","src_ip":"10.9.3.102","src_port":52304,"dest_ip":"186.4.209.139","dest_port":8443,"proto":"TCP","tx_id":0,"http":{"hostname":"186.4.209.139","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2018-09-03T17:36:26.381123+0000","flow_id":237378295391280,"pcap_cnt":373,"event_type":"http","src_ip":"10.9.3.102","src_port":52307,"dest_ip":"186.4.209.139","dest_port":8443,"proto":"TCP","tx_id":0,"http":{"hostname":"186.4.209.139","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2018-09-03T17:37:00.496974+0000","flow_id":300552971489025,"pcap_cnt":391,"event_type":"http","src_ip":"10.9.3.102","src_port":52308,"dest_ip":"2.50.50.203","dest_port":443,"proto":"TCP","tx_id":0,"http":{"hostname":"2.50.50.203","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2018-09-03T17:37:09.963018+0000","flow_id":780777562099576,"pcap_cnt":691,"event_type":"http","src_ip":"10.9.3.102","src_port":52309,"dest_ip":"51.52.97.155","dest_port":50000,"proto":"TCP","tx_id":0,"http":{"hostname":"51.52.97.155","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2018-09-03T17:37:10.005522+0000","flow_id":780777562099576,"pcap_cnt":693,"event_type":"fileinfo","src_ip":"51.52.97.155","src_port":50000,"dest_ip":"10.9.3.102","dest_port":52309,"proto":"TCP","http":{"hostname":"51.52.97.155","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":330212},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":330212,"tx_id":0}}
{"timestamp":"2018-09-03T17:37:10.373940+0000","flow_id":780777562099576,"pcap_cnt":695,"event_type":"http","src_ip":"10.9.3.102","src_port":52309,"dest_ip":"51.52.97.155","dest_port":50000,"proto":"TCP","tx_id":1,"http":{"hostname":"51.52.97.155","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2018-09-03T17:38:15.248033+0000","flow_id":780777562099576,"pcap_cnt":696,"event_type":"fileinfo","src_ip":"51.52.97.155","src_port":50000,"dest_ip":"10.9.3.102","dest_port":52309,"proto":"TCP","http":{"hostname":"51.52.97.155","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":148},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":148,"tx_id":1}}
{"timestamp":"2018-09-03T17:39:10.324572+0000","flow_id":1238601757029340,"pcap_cnt":698,"event_type":"dns","src_ip":"10.9.3.102","src_port":50754,"dest_ip":"10.9.3.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":46468,"rrname":"ovstor.space","rrtype":"A","tx_id":0}}
{"timestamp":"2018-09-03T17:39:10.662406+0000","flow_id":1238601757029340,"pcap_cnt":699,"event_type":"dns","src_ip":"10.9.3.1","src_port":53,"dest_ip":"10.9.3.102","dest_port":50754,"proto":"UDP","dns":{"type":"answer","id":46468,"rcode":"NOERROR","rrname":"ovstor.space","rrtype":"A","ttl":1991,"rdata":"178.132.7.107"}}
{"timestamp":"2018-09-03T17:39:12.246145+0000","flow_id":682983312730527,"pcap_cnt":706,"event_type":"tls","src_ip":"10.9.3.102","src_port":52310,"dest_ip":"178.132.7.107","dest_port":443,"proto":"TCP","tls":{"subject":"CN=domain.com\/O=My Company Name LTD.\/C=US","issuerdn":"CN=domain.com\/O=My Company Name LTD.\/C=US"}}
{"timestamp":"2018-09-03T17:39:12.249203+0000","flow_id":682983312730527,"pcap_cnt":708,"event_type":"alert","src_ip":"178.132.7.107","src_port":443,"dest_ip":"10.9.3.102","dest_port":52310,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2825353,"rev":4,"signature":"ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2018-09-03T17:39:12.838081+0000","flow_id":926997584832169,"pcap_cnt":721,"event_type":"tls","src_ip":"10.9.3.102","src_port":52311,"dest_ip":"178.132.7.107","dest_port":443,"proto":"TCP","tls":{"subject":"CN=domain.com\/O=My Company Name LTD.\/C=US","issuerdn":"CN=domain.com\/O=My Company Name LTD.\/C=US"}}
{"timestamp":"2018-09-03T17:39:12.838779+0000","flow_id":926997584832169,"pcap_cnt":723,"event_type":"alert","src_ip":"178.132.7.107","src_port":443,"dest_ip":"10.9.3.102","dest_port":52311,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2825353,"rev":4,"signature":"ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2018-09-03T17:39:14.622460+0000","flow_id":649519075360723,"pcap_cnt":748,"event_type":"tls","src_ip":"10.9.3.102","src_port":52312,"dest_ip":"178.132.7.107","dest_port":443,"proto":"TCP","tls":{"subject":"CN=domain.com\/O=My Company Name LTD.\/C=US","issuerdn":"CN=domain.com\/O=My Company Name LTD.\/C=US"}}
{"timestamp":"2018-09-03T17:39:14.623383+0000","flow_id":649519075360723,"pcap_cnt":750,"event_type":"alert","src_ip":"178.132.7.107","src_port":443,"dest_ip":"10.9.3.102","dest_port":52312,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2825353,"rev":4,"signature":"ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2018-09-03T17:39:15.206123+0000","flow_id":529221336343301,"pcap_cnt":763,"event_type":"tls","src_ip":"10.9.3.102","src_port":52313,"dest_ip":"178.132.7.107","dest_port":443,"proto":"TCP","tls":{"subject":"CN=domain.com\/O=My Company Name LTD.\/C=US","issuerdn":"CN=domain.com\/O=My Company Name LTD.\/C=US"}}
{"timestamp":"2018-09-03T17:39:15.207566+0000","flow_id":529221336343301,"pcap_cnt":765,"event_type":"alert","src_ip":"178.132.7.107","src_port":443,"dest_ip":"10.9.3.102","dest_port":52313,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2825353,"rev":4,"signature":"ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2018-09-03T17:45:27.108703+0000","flow_id":699130266969330,"pcap_cnt":1402,"event_type":"tls","src_ip":"10.9.3.102","src_port":52322,"dest_ip":"178.132.7.107","dest_port":443,"proto":"TCP","tls":{"subject":"CN=domain.com\/O=My Company Name LTD.\/C=US","issuerdn":"CN=domain.com\/O=My Company Name LTD.\/C=US"}}
{"timestamp":"2018-09-03T17:45:27.109345+0000","flow_id":699130266969330,"pcap_cnt":1404,"event_type":"alert","src_ip":"178.132.7.107","src_port":443,"dest_ip":"10.9.3.102","dest_port":52322,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2825353,"rev":4,"signature":"ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2018-09-03T17:45:27.736032+0000","flow_id":1056563887808722,"pcap_cnt":1417,"event_type":"tls","src_ip":"10.9.3.102","src_port":52323,"dest_ip":"178.132.7.107","dest_port":443,"proto":"TCP","tls":{"subject":"CN=domain.com\/O=My Company Name LTD.\/C=US","issuerdn":"CN=domain.com\/O=My Company Name LTD.\/C=US"}}
{"timestamp":"2018-09-03T17:45:27.736609+0000","flow_id":1056563887808722,"pcap_cnt":1419,"event_type":"alert","src_ip":"178.132.7.107","src_port":443,"dest_ip":"10.9.3.102","dest_port":52323,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2825353,"rev":4,"signature":"ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2018-09-03T17:45:30.786259+0000","flow_id":312812991259608,"pcap_cnt":1436,"event_type":"tls","src_ip":"10.9.3.102","src_port":52324,"dest_ip":"178.132.7.107","dest_port":443,"proto":"TCP","tls":{"subject":"CN=domain.com\/O=My Company Name LTD.\/C=US","issuerdn":"CN=domain.com\/O=My Company Name LTD.\/C=US"}}
{"timestamp":"2018-09-03T17:45:30.786845+0000","flow_id":312812991259608,"pcap_cnt":1438,"event_type":"alert","src_ip":"178.132.7.107","src_port":443,"dest_ip":"10.9.3.102","dest_port":52324,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2825353,"rev":4,"signature":"ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2018-09-03T17:45:31.395854+0000","flow_id":752239685337270,"pcap_cnt":1451,"event_type":"tls","src_ip":"10.9.3.102","src_port":52325,"dest_ip":"178.132.7.107","dest_port":443,"proto":"TCP","tls":{"subject":"CN=domain.com\/O=My Company Name LTD.\/C=US","issuerdn":"CN=domain.com\/O=My Company Name LTD.\/C=US"}}
{"timestamp":"2018-09-03T17:45:31.396290+0000","flow_id":752239685337270,"pcap_cnt":1453,"event_type":"alert","src_ip":"178.132.7.107","src_port":443,"dest_ip":"10.9.3.102","dest_port":52325,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2825353,"rev":4,"signature":"ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2018-09-03T17:49:10.326537+0000","flow_id":1438459509537673,"pcap_cnt":1464,"event_type":"dns","src_ip":"10.9.3.102","src_port":64118,"dest_ip":"10.9.3.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":53006,"rrname":"www.google.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-09-03T17:49:10.401887+0000","flow_id":1438459509537673,"pcap_cnt":1465,"event_type":"dns","src_ip":"10.9.3.1","src_port":53,"dest_ip":"10.9.3.102","dest_port":64118,"proto":"UDP","dns":{"type":"answer","id":53006,"rcode":"NOERROR","rrname":"www.google.com","rrtype":"A","ttl":299,"rdata":"172.217.9.4"}}
{"timestamp":"2018-09-03T17:49:10.848179+0000","flow_id":228970949126213,"pcap_cnt":1474,"event_type":"tls","src_ip":"10.9.3.102","src_port":52326,"dest_ip":"172.217.9.4","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com","issuerdn":"C=US, O=Google Tr

This file has been truncated.


keyword_perf.log - (16279 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 1/28/2019 -- 12:52:34
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             16310538        5083            5083            384212          3208.00         3208.00         0.00           
  content          96252075        10855           5127            496439          8867.00         10322.00        7564.00        
  pcre             5734570         1415            628             37770           4052.00         3870.00         4198.00        
  byte_test        643052          190             108             14216           3384.00         3783.00         2858.00        
  byte_jump        265827          73              13              18618           3641.00         3405.00         3692.00        
  isdataat         14090           5               0               2837            2818.00         0.00            2818.00        
  flowbits         1490169         471             49              61871           3163.00         3586.00         3114.00        
  urilen           2099719         515             60              385041          4077.00         3477.00         4156.00        
  byte_extract     920059          294             294             31234           3129.00         3129.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             16310538        5083            5083            384212          3208.00         3208.00         0.00           
  flowbits         1410771         454             32              61871           3107.00         3010.00         3114.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          24650815        6145            2480            84768           4011.00         4265.00         3839.00        
  pcre             2044439         590             425             25022           3465.00         3164.00         4240.00        
  byte_test        623999          186             105             14216           3354.00         3738.00         2857.00        
  byte_jump        244612          66              6               18618           3706.00         3842.00         3692.00        
  isdataat         14090           5               0               2837            2818.00         0.00            2818.00        
  byte_extract     920059          294             294             31234           3129.00         3129.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         79398           17              17              12516           4670.00         4670.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          535944          159             33              7852            3370.00         3957.00         3217.00        
  pcre             616586          114             28              25144           5408.00         6307.00         5116.00        
  urilen           2099719         515             60              385041          4077.00         3477.00         4156.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          13313           3               3               6222            4437.00         4437.00         0.00           
  pcre             20405           6               6               4030            3400.00         3400.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          62442           19              0               4238            3286.00         0.00            3286.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          59523799        1627            524             496439          36585.00        64354.00        23392.00       
  pcre             1482289         422             2               17480           3512.00         5655.00         3502.00        
  byte_test        2975            1               0               2975            2975.00         0.00            2975.00        
  byte_jump        21215           7               7               3537            3030.00         3030.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7777203         1877            1469            62281           4143.00         4173.00         4036.00        
  pcre             1325068         238             123             37668           5567.00         5255.00         5900.00        
  byte_test        16078           3               3               6723            5359.00         5359.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          246455          60              25              20964           4107.00         4567.00         3778.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          129087          36              36              4993            3585.00         3585.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_start
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          21518           2               2               18287           10759.00        10759.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5152            1               0               5152            5152.00         0.00            5152.00        
  pcre             14772           1               0               14772           14772.00        0.00            14772.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          326167          98              43              9293            3328.00         3433.00         3246.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_cookie
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  pcre             11829           2               2               6486            5914.00         5914.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2142123         575             371             22011           3725.00         3943.00         3328.00        
  pcre             219182          42              42              37770           5218.00         5218.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3192            1               0               3192            3192.00         0.00            3192.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          138371          41              1               4187            3374.00         3760.00         3365.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          676494          211             140             15144           3206.00         3361.00         2899.00        
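
The keyword-profiling tables above ("Stats for: <buffer>") are most useful once parsed and ranked, so that a rule author can see which buffer/keyword pairs consumed the detection budget, which were checked often but almost never matched, and which had a single pathological check (the usual fingerprint of a backtracking pcre). The following is an added example, not part of IDSDeathBlossom or Suricata. It assumes the column layout printed by Suricata 4.0's keyword profiler exactly as reproduced in this report; the thresholds (10 checks, 5 % match rate, 5x max/avg) are illustrative choices, and the embedded sample is an excerpt of the report on this page.

```python
"""Parse Suricata keyword-profiling tables ("Stats for: <buffer>") and rank
where detection time went.

Added example; assumes the column layout printed by Suricata 4.0's keyword
profiler, as reproduced in the report above. Thresholds are illustrative.
"""
import re
from collections import namedtuple

KeywordStat = namedtuple(
    "KeywordStat",
    "buffer keyword ticks checks matches max_ticks avg avg_match avg_no_match",
)

# Excerpt of the keyword-profiling report shown on this page (three buffers).
SAMPLE = """\
  --------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  content          326167          98              43              9293            3328.00         3433.00         3246.00
  --------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  content          2142123         575             371             22011           3725.00         3943.00         3328.00
  pcre             219182          42              42              37770           5218.00         5218.00         0.00
  --------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  content          138371          41              1               4187            3374.00         3760.00         3365.00
"""

# One data row: keyword name, four integer columns, three float columns.
ROW_RE = re.compile(
    r"^\s*(?P<kw>[a-z0-9_]+)\s+(?P<ticks>\d+)\s+(?P<checks>\d+)\s+(?P<matches>\d+)"
    r"\s+(?P<max>\d+)\s+(?P<avg>[\d.]+)\s+(?P<avgm>[\d.]+)\s+(?P<avgnm>[\d.]+)\s*$"
)


def parse_keyword_stats(text):
    """Return one KeywordStat per data row, tagged with the buffer it sits under."""
    stats, buffer = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Stats for:"):
            buffer = stripped.split(":", 1)[1].strip()
            continue
        if buffer is None or stripped.startswith(("-", "Keyword")):
            continue  # separator or column-header line
        m = ROW_RE.match(line)
        if m:
            stats.append(KeywordStat(
                buffer, m["kw"], int(m["ticks"]), int(m["checks"]),
                int(m["matches"]), int(m["max"]), float(m["avg"]),
                float(m["avgm"]), float(m["avgnm"]),
            ))
    return stats


def rank_by_ticks(stats, top=5):
    """Highest total ticks first: where the detect engine actually spent time."""
    return sorted(stats, key=lambda s: s.ticks, reverse=True)[:top]


def wasted_inspection(stats, min_checks=10, max_match_rate=0.05):
    """Rows checked often but almost never matching. Every such check is pure
    cost, so the owning rules are candidates for a tighter fast_pattern."""
    return [s for s in stats
            if s.checks >= min_checks and s.matches / s.checks <= max_match_rate]


def max_tick_outliers(stats, factor=5.0):
    """Rows whose worst single check took `factor` times the average: the usual
    signature of a pcre that backtracks badly on particular inputs."""
    return [s for s in stats if s.avg and s.max_ticks / s.avg >= factor]


if __name__ == "__main__":
    rows = parse_keyword_stats(SAMPLE)
    for s in rank_by_ticks(rows):
        print(f"{s.buffer:16} {s.keyword:8} ticks={s.ticks:>8} "
              f"checks={s.checks:>4} matches={s.matches:>4}")
    for s in wasted_inspection(rows):
        print(f"low match rate: {s.buffer}/{s.keyword} {s.matches}/{s.checks}")
    for s in max_tick_outliers(rows):
        print(f"max-tick outlier: {s.buffer}/{s.keyword} max={s.max_ticks} avg={s.avg}")
```

Run against the full perf file rather than the excerpt, the same three views apply: total ticks tells you which buffers dominate, the low-match list points at rules whose fast_pattern lets too much traffic through to the slower keyword, and the max/avg ratio separates a steady per-check cost from one input that made a single check explode.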


IDSDeathBlossom.py.log - (1188 bytes)
2019-01-28 12:52:12,267 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-01-28 12:52:13,037 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-01-28 12:52:13,037 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-01-28 12:52:13,037 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-01-28 12:52:13,037 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-01-28 12:52:13,038 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/560df9b3a597a990e249acc0ea9c171056b33745cb75ec8c950e11a498e082d2 -r /var/pcap/01282019.1252-2018-09-03-Emotet-infection-with-Zeus-Panda-Banker.pcap -vvv -k none
2019-01-28 12:52:34,324 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-01-28 12:52:34,325 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.06524086


suricata-report-2019-01-28-T-12-52-34-01282019.1252-2018-09-03-Emotet-infection-with-Zeus-Panda-Banker.pcap.txt - (17847 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/560df9b3a597a990e249acc0ea9c171056b33745cb75ec8c950e11a498e082d2 -r /var/pcap/01282019.1252-2018-09-03-Emotet-infection-with-Zeus-Panda-Banker.pcap -vvv -k none
elapsedtime:21.284625
stderr:
stdout:
28/1/2019 -- 12:52:13 - <Info> - Configuration node 'rule-files' redefined.
28/1/2019 -- 12:52:13 - <Notice> - This is Suricata version 4.0.0 RELEASE
28/1/2019 -- 12:52:13 - <Info> - CPUs/cores online: 1
28/1/2019 -- 12:52:13 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33886 and 'request-body-inspect-window' set to 15582 after randomization.
28/1/2019 -- 12:52:13 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 34106 and 'response-body-inspect-window' set to 16202 after randomization.
28/1/2019 -- 12:52:13 - <Config> - DNS request flood protection level: 500
28/1/2019 -- 12:52:13 - <Config> - DNS per flow memcap (state-memcap): 524288
28/1/2019 -- 12:52:13 - <Config> - DNS global memcap: 16777216
28/1/2019 -- 12:52:13 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
28/1/2019 -- 12:52:13 - <Config> - preallocated 1000 hosts of size 136
28/1/2019 -- 12:52:13 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
28/1/2019 -- 12:52:13 - <Config> - using magic-file /usr/share/file/magic
28/1/2019 -- 12:52:13 - <Config> - Core dump size is unlimited.
28/1/2019 -- 12:52:13 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
28/1/2019 -- 12:52:13 - <Config> - preallocated 1000 defrag trackers of size 168
28/1/2019 -- 12:52:13 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
28/1/2019 -- 12:52:13 - <Config> - stream "prealloc-sessions": 2048 (per thread)
28/1/2019 -- 12:52:13 - <Config> - stream "memcap": 33554432
28/1/2019 -- 12:52:13 - <Config> - stream "midstream" session pickups: disabled
28/1/2019 -- 12:52:13 - <Config> - stream "async-oneside": disabled
28/1/2019 -- 12:52:13 - <Config> - stream "checksum-validation": disabled
28/1/2019 -- 12:52:13 - <Config> - stream."inline": disabled
28/1/2019 -- 12:52:13 - <Config> - stream "bypass": disabled
28/1/2019 -- 12:52:13 - <Config> - stream "max-synack-queued": 5
28/1/2019 -- 12:52:13 - <Config> - stream.reassembly "memcap": 134217728
28/1/2019 -- 12:52:13 - <Config> - stream.reassembly "depth": 0
28/1/2019 -- 12:52:13 - <Config> - stream.reassembly "toserver-chunk-size": 2433
28/1/2019 -- 12:52:13 - <Config> - stream.reassembly "toclient-chunk-size": 2653
28/1/2019 -- 12:52:13 - <Config> - stream.reassembly.raw: enabled
28/1/2019 -- 12:52:13 - <Config> - stream.reassembly "segment-prealloc": 2048
28/1/2019 -- 12:52:13 - <Config> - Delayed detect disabled
28/1/2019 -- 12:52:13 - <Config> - pattern matchers: MPM: ac, SPM: bm
28/1/2019 -- 12:52:13 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
28/1/2019 -- 12:52:13 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
28/1/2019 -- 12:52:13 - <Config> - prefilter engines: MPM
28/1/2019 -- 12:52:13 - <Config> - IP reputation disabled
28/1/2019 -- 12:52:13 - <Perf> - Registered 148 keyword profiling counters.
28/1/2019 -- 12:52:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
28/1/2019 -- 12:52:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
28/1/2019 -- 12:52:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
28/1/2019 -- 12:52:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
28/1/2019 -- 12:52:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
28/1/2019 -- 12:52:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
28/1/2019 -- 12:52:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
28/1/2019 -- 12:52:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
28/1/2019 -- 12:52:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
28/1/2019 -- 12:52:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
28/1/2019 -- 12:52:18 - <Config> - No rules loaded from ET-icmp.rules.
28/1/2019 -- 12:52:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
28/1/2019 -- 12:52:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
28/1/2019 -- 12:52:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
28/1/2019 -- 12:52:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
28/1/2019 -- 12:52:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
28/1/2019 -- 12:52:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
28/1/2019 -- 12:52:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
28/1/2019 -- 12:52:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
28/1/2019 -- 12:52:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
28/1/2019 -- 12:52:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
28/1/2019 -- 12:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
28/1/2019 -- 12:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
28/1/2019 -- 12:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
28/1/2019 -- 12:52:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
28/1/2019 -- 12:52:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
28/1/2019 -- 12:52:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
28/1/2019 -- 12:52:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
28/1/2019 -- 12:52:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
28/1/2019 -- 12:52:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
28/1/2019 -- 12:52:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
28/1/2019 -- 12:52:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
28/1/2019 -- 12:52:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
28/1/2019 -- 12:52:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
28/1/2019 -- 12:52:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
28/1/2019 -- 12:52:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
28/1/2019 -- 12:52:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
28/1/2019 -- 12:52:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
28/1/2019 -- 12:52:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
28/1/2019 -- 12:52:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
28/1/2019 -- 12:52:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
28/1/2019 -- 12:52:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
28/1/2019 -- 12:52:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
28/1/2019 -- 12:52:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
28/1/2019 -- 12:52:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
28/1/2019 -- 12:52:25 - <Config> - No rules loaded from local.rules.
28/1/2019 -- 12:52:25 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
28/1/2019 -- 12:52:25 - <Info> - Threshold config parsed: 0 rule(s) found
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for tcp-packet
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for tcp-stream
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for udp-packet
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for other-ip
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_uri
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_request_line
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_client_body
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_response_line
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_header
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_header
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_header_names
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_header_names
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_accept
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_accept_enc
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_accept_lang
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_referer
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_connection
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_content_len
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_content_len
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_content_type
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_content_type
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_protocol
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_protocol
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_start
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_start
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_raw_header
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_raw_header
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_method
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_cookie
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_cookie
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_raw_uri
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_user_agent
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_host
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_raw_host
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_stat_msg
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_stat_code
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for dns_query
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for tls_sni
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for tls_cert_issuer
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for tls_cert_subject
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for tls_cert_serial
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for dce_stub_data
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for dce_stub_data
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for ssh_protocol
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for ssh_protocol
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for ssh_software
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for ssh_software
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for file_data
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for file_data
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_request_line
28/1/2019 -- 12:52:25 - <Perf> - using shared mpm ctx' for http_response_line
28/1/2019 -- 12:52:25 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
28/1/2019 -- 12:52:25 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
28/1/2019 -- 12:52:25 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
28/1/2019 -- 12:52:26 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
28/1/2019 -- 12:52:26 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
28/1/2019 -- 12:52:26 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
28/1/2019 -- 12:52:26 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
28/1/2019 -- 12:52:26 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
28/1/2019 -- 12:52:30 - <Perf> - Unique rule groups: 104
28/1/2019 -- 12:52:30 - <Perf> - Builtin MPM "toserver TCP packet": 35
28/1/2019 -- 12:52:30 - <Perf> - Builtin MPM "toclient TCP packet": 17
28/1/2019 -- 12:52:30 - <Perf> - Builtin MPM "toserver TCP stream": 33
28/1/2019 -- 12:52:30 - <Perf> - Builtin MPM "toclient TCP stream": 19
28/1/2019 -- 12:52:30 - <Perf> - Builtin MPM "toserver UDP packet": 27
28/1/2019 -- 12:52:30 - <Perf> - Builtin MPM "toclient UDP packet": 17
28/1/2019 -- 12:52:30 - <Perf> - Builtin MPM "other IP packet": 3
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toserver http_uri": 14
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toserver http_request_line": 1
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toserver http_client_body": 6
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toclient http_response_line": 1
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toserver http_header": 10
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toclient http_header": 6
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toserver http_header_names": 2
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toserver http_accept": 1
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toserver http_referer": 1
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toserver http_content_len": 1
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toserver http_content_type": 1
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toclient http_content_type": 1
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toserver http_protocol": 1
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toserver http_start": 1
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toserver http_method": 5
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toserver http_cookie": 1
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toclient http_cookie": 2
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toserver http_host": 2
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toserver dns_query": 4
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toserver tls_sni": 2
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toserver file_data": 1
28/1/2019 -- 12:52:30 - <Perf> - AppLayer MPM "toclient file_data": 7
28/1/2019 -- 12:52:31 - <Perf> - Registered 39590 rule profiling counters.
28/1/2019 -- 12:52:31 - <Info> - fast output device (regular) initialized: alert
28/1/2019 -- 12:52:31 - <Info> - eve-log output device (regular) initialized: eve.json
28/1/2019 -- 12:52:31 - <Config> - enabling 'eve-log' module 'alert'
28/1/2019 -- 12:52:31 - <Config> - enabling 'eve-log' module 'http'
28/1/2019 -- 12:52:31 - <Config> - enabling 'eve-log' module 'dns'
28/1/2019 -- 12:52:31 - <Config> - enabling 'eve-log' module 'tls'
28/1/2019 -- 12:52:31 - <Config> - enabling 'eve-log' module 'files'
28/1/2019 -- 12:52:31 - <Config> - enabling 'eve-log' module 'ssh'
28/1/2019 -- 12:52:31 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
28/1/2019 -- 12:52:31 - <Info> - stats output device (regular) initialized: stats.log
28/1/2019 -- 12:52:31 - <Config> - AutoFP mode using "Hash" flow load balancer
28/1/2019 -- 12:52:32 - <Info> - reading pcap file /var/pcap/01282019.1252-2018-09-03-Emotet-infection-with-Zeus-Panda-Banker.pcap
28/1/2019

This file has been truncated.
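
The Suricata stdout captured in the report above carries the facts a ruleset deployment gate needs: how many rule files were processed and how many rules failed, which rule files contributed nothing ("No rules loaded from ..."), and what the stream and checksum settings were for this run. The following is an added example, not part of IDSDeathBlossom or Suricata; it assumes the Suricata 4.0 log line layout shown here (`<d/m/Y> -- <H:M:S> - <Level> - <message>`), and the embedded sample is an excerpt of this report's stdout with one pcap path shortened.

```python
"""Gate a Suricata run on its startup log: did every rule load, which rule
files were empty, and what was the stream/checksum configuration?

Added example, not part of IDSDeathBlossom. Assumes the Suricata 4.0 log
format shown in the report above: '<d/m/Y> -- <H:M:S> - <Level> - <message>'.
"""
import re

# Excerpt of the report's stdout reproduced from this page (one path shortened).
SAMPLE_LOG = """\
28/1/2019 -- 12:52:13 - <Notice> - This is Suricata version 4.0.0 RELEASE
28/1/2019 -- 12:52:13 - <Config> - stream "checksum-validation": disabled
28/1/2019 -- 12:52:13 - <Config> - stream "midstream" session pickups: disabled
28/1/2019 -- 12:52:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
28/1/2019 -- 12:52:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
28/1/2019 -- 12:52:18 - <Config> - No rules loaded from ET-icmp.rules.
28/1/2019 -- 12:52:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
28/1/2019 -- 12:52:25 - <Config> - No rules loaded from local.rules.
28/1/2019 -- 12:52:25 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
28/1/2019 -- 12:52:25 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
28/1/2019 -- 12:52:31 - <Config> - enabling 'eve-log' module 'alert'
28/1/2019 -- 12:52:31 - <Config> - enabling 'eve-log' module 'http'
28/1/2019 -- 12:52:32 - <Info> - reading pcap file /var/pcap/sample.pcap
"""

LINE_RE = re.compile(r"^\S+ -- \S+ - <(?P<level>\w+)> - (?P<msg>.*)$")
RULES_RE = re.compile(r"(\d+) rule files processed\. (\d+) rules successfully loaded, (\d+) rules failed")
SIGS_RE = re.compile(r"(\d+) signatures processed\. (\d+) are IP-only rules, "
                     r"(\d+) are inspecting packet payload, (\d+) inspect application layer")
EMPTY_RE = re.compile(r"No rules loaded from (\S+)\.$")
STREAM_RE = re.compile(r'^(stream(?:\.\w+)?) "([\w-]+)"[^:]*: (\S+)$')
EVE_RE = re.compile(r"enabling 'eve-log' module '(\w+)'")


def parse_startup_log(text):
    """Reduce the startup log to the facts a deploy gate cares about."""
    s = {"levels": {}, "errors": [], "empty_rule_files": [], "stream": {},
         "eve_modules": [], "rule_files": None, "rules_loaded": None,
         "rules_failed": None, "signatures": None}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        level, msg = m["level"], m["msg"]
        s["levels"][level] = s["levels"].get(level, 0) + 1
        if level in ("Warning", "Error"):
            s["errors"].append(msg)
        r = RULES_RE.search(msg)
        if r:
            s["rule_files"], s["rules_loaded"], s["rules_failed"] = map(int, r.groups())
            continue
        r = SIGS_RE.search(msg)
        if r:
            total, ip_only, payload, app = map(int, r.groups())
            s["signatures"] = {"total": total, "ip_only": ip_only,
                               "payload": payload, "app_layer": app}
            continue
        r = EMPTY_RE.search(msg)
        if r:
            s["empty_rule_files"].append(r.group(1))
            continue
        r = STREAM_RE.match(msg)
        if r:
            s["stream"][f"{r.group(1)}.{r.group(2)}"] = r.group(3)
            continue
        r = EVE_RE.search(msg)
        if r:
            s["eve_modules"].append(r.group(1))
    return s


def gate(summary):
    """Findings in FAIL/WARN/INFO form; an empty list means the run is clean."""
    out = []
    if summary["rules_failed"] is None:
        out.append("FAIL: no rule-loading summary line; the run did not reach detect init")
    elif summary["rules_failed"]:
        out.append(f"FAIL: {summary['rules_failed']} rules failed to load")
    for msg in summary["errors"]:
        out.append(f"FAIL: {msg}")
    for f in summary["empty_rule_files"]:
        out.append(f"WARN: {f} contributed no rules (disabled, empty or wrong path)")
    if summary["stream"].get("stream.checksum-validation") == "disabled":
        out.append("INFO: checksum validation disabled (expected for pcap replay "
                   "with -k none; review before reusing this config on a live sensor)")
    return out


if __name__ == "__main__":
    summary = parse_startup_log(SAMPLE_LOG)
    print(f"{summary['rules_loaded']} rules from {summary['rule_files']} files, "
          f"{summary['rules_failed']} failed; eve modules: {summary['eve_modules']}")
    for finding in gate(summary):
        print(finding)
```

For this report the gate passes: 0 rules failed, two empty rule files (ET-icmp.rules and local.rules) are worth a warning rather than a failure, and the disabled checksum validation is consistent with the `-k none` on the command line used to replay the pcap.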